System Check Malware manual removal

Post by phmcad » February 13th, 2012, 2:55 pm

I am looking for assistance in manually removing "system check" from my other laptop.
It has blocked me from accessing the internet, with the exception of when I am in safe mode.

I ran HijackThis, but it is not allowing me to save the scan and has blocked other attempts I have made.

Thanks,
Ken
phmcad
Active Member
 
Posts: 5
Joined: February 13th, 2012, 2:45 pm

Re: System Check Malware manual removal

Post by mambass » February 13th, 2012, 4:01 pm

Hi Ken, :)

Welcome to the forum.

My nickname is mambass and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.

  1. If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. Please read all instructions carefully before executing them and perform the steps in the order given.
    If you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
  4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
  5. You must have Administrator rights permissions for this computer.
  6. DO NOT run any other fix or removal tools unless instructed to do so!
  7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  9. Only reply to this thread. Do not start another thread.
  10. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
  12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
  13. The logs I request can take a while to research so please be patient.
  14. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side you will have two people working together to resolve your malware issues.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.

Because of this I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer

-----------------------------------------------------------

I am currently reviewing your situation and will return as soon as possible with additional instructions.

Thanks,

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: System Check Malware manual removal

Post by mambass » February 13th, 2012, 10:39 pm

Hi Ken, :)
PM from Ken wrote: Thanks, FYI I actually completed a file backup the morning of the infection no new files were created in between. That's the one piece of good news.
Thank you for the additional information. However, please post all communications in this thread rather than via a Private Message.

I'm at a bit of a disadvantage in that I do not know what operating system you are using or whether your computer is using a 32-bit or a 64-bit processor. The instructions below are written for Windows XP. If you are running either Vista or Windows 7 on the infected computer then, when the instructions tell you to double-click on an icon to run a program, you will need to right-click the icon and select "Run As Administrator" instead of double-clicking the icon.

Try to execute these instructions on the infected machine while that machine is booted into Normal Mode. If the programs will not run then please try again after booting into Safe Mode.

  1. Download programs to be transferred to the infected computer
    Perform these steps on the laptop that is functioning properly.
    1. Click here to download RogueKiller.exe and save it to your Desktop.
    2. Click here to download OTL.exe by Old Timer and save it to your Desktop.

  2. Transfer programs to the infected computer
    Using a USB Flash Drive, a CD/DVD or an external drive, transfer RogueKiller.exe and OTL.exe to the Desktop of the infected computer.

    The remaining steps should be performed on the infected computer. If you have Internet access on that computer after running the scans then reply with the requested logs from that computer otherwise transfer the logs back to the good computer and reply from there.

  3. Run RogueKiller
    1. Quit all running programs.
    2. Double click RogueKiller.exe to run it.
    3. When prompted, type 1 and hit Enter.
    4. A RKreport.txt should appear on your desktop.
    5. Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
    6. Please post the contents of the RKreport.txt in your next Reply.

  4. Run a Scan with OTL
    Note: The "Include 64 bit scans" checkbox in Step 2 below will only be available if your computer is running on a 64-bit processor. Please ignore this one checkbox if your computer is running on a 32-bit processor.
    1. Double-click the OTL icon on your Desktop to run the program.
    2. Check the boxes labeled:
      • Include 64 bit scans <-- 64 bit processor only
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    3. Make sure all other windows are closed so that it can run uninterrupted.
    4. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    5. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL. (desktop)
    6. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

  5. Internet access status
    Please let me know in your reply if you were able to access the Internet from the infected computer after executing the above steps.


Please include in your reply (use separate posts if more convenient):
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the RKreport.txt log.
  3. The contents of the OTL.txt and Extras.txt logs.
  4. An indication as to whether you are now able to access the Internet from the infected computer.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: System Check Malware manual removal

Post by phmcad » February 14th, 2012, 1:52 pm

I had to go into safe mode with networking to download RogueKiller and OTL onto this computer; here is the first report. Shortly after I ran RogueKiller, Windows shut down in safe mode and rebooted in normal. Several icons had returned to the desktop, but the window under the Start button was still cloaked. Internet was still blocked, so I am back in safe mode with networking.


RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Ken [Admin rights]
Mode: Scan -- Date : 02/14/2012 11:29:01

¤¤¤ Bad processes: 2 ¤¤¤
[BLACKLIST] d3d10_1.dll -- C:\Windows\system32\d3d10_1.dll -> UNLOADED
[SUSP PATH] HelpPane.exe -- C:\Windows\helppane.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 24 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : XAyrXMNieLwFUhF.exe (C:\ProgramData\XAyrXMNieLwFUhF.exe) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS ATA Device +++++
--- User ---
[MBR] 48054ccb3d033d147493768a2cb75a66
[BSP] a1aeceb1fbc56af8823bed480c7825a2 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20466810 | Size: 71453 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166802895 | Size: 71178 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 4e2646b2478b9e481449ff6d4ce9164b
[BSP] a1aeceb1fbc56af8823bed480c7825a2 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 20466810 | Size: 71453 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166802895 | Size: 71178 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312576705 | Size: 2 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 4e2646b2478b9e481449ff6d4ce9164b
[BSP] a1aeceb1fbc56af8823bed480c7825a2 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 20466810 | Size: 71453 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166802895 | Size: 71178 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312576705 | Size: 2 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt
phmcad
Active Member
 
Posts: 5
Joined: February 13th, 2012, 2:45 pm
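
An added example, not part of the original thread and not code from RogueKiller: a small Python triage script that summarises a report like the RKreport posted above, grouping registry findings by the report's own tags and comparing the MBR hashes and partition tables listed under each "--- ... ---" view. The line patterns are assumptions inferred from this one report, and the embedded sample is an excerpt copied from the post.

```python
import re
from collections import Counter

# Excerpt of the RKreport posted above (lines copied from the post, shortened).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries: 24 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : XAyrXMNieLwFUhF.exe (C:\ProgramData\XAyrXMNieLwFUhF.exe) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9160821AS ATA Device +++++
--- User ---
[MBR] 48054ccb3d033d147493768a2cb75a66
[BSP] a1aeceb1fbc56af8823bed480c7825a2 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20466810 | Size: 71453 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166802895 | Size: 71178 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 4e2646b2478b9e481449ff6d4ce9164b
Partition table:
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 20466810 | Size: 71453 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312576705 | Size: 2 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 4e2646b2478b9e481449ff6d4ce9164b
Partition table:
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312576705 | Size: 2 Mo
"""

# Assumed line shapes, inferred from the report above.
REG_RE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\] (?P<key>HK.+?) : (?P<name>.+?) "
    r"\((?P<data>.*)\) -> (?P<status>\w+)$"
)
VIEW_RE = re.compile(r"^--- (?P<view>\w+) ---$")
MBR_RE = re.compile(r"^\[MBR\] (?P<md5>[0-9a-f]{32})$")
PART_RE = re.compile(
    r"^(?P<idx>\d+) - \[(?P<flag>ACTIVE|XXXXXX)\] (?P<fs>\S+) "
    r"\((?P<type>0x[0-9A-Fa-f]+)\) \[(?P<vis>VISIBLE|HIDDEN!)\]"
)


def parse_registry(report):
    """Return one dict per registry finding line (tag, key, name, data, status)."""
    entries = []
    for line in report.splitlines():
        m = REG_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def parse_mbr_views(report):
    """Map each view name (User, LL1, ...) to its MBR hash and partition rows."""
    views, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        m = VIEW_RE.match(line)
        if m:
            current = views.setdefault(m["view"], {"mbr": None, "partitions": []})
            continue
        if current is None:
            continue
        m = MBR_RE.match(line)
        if m:
            current["mbr"] = m["md5"]
            continue
        m = PART_RE.match(line)
        if m:
            current["partitions"].append({
                "idx": int(m["idx"]),
                "active": m["flag"] == "ACTIVE",
                "hidden": m["vis"] == "HIDDEN!",
                "type": m["type"],
            })
    return views


def triage(report):
    """Summarise what the report itself states; no verdicts are added."""
    reg = parse_registry(report)
    views = parse_mbr_views(report)
    hashes = {v["mbr"] for v in views.values() if v["mbr"]}
    return {
        "tag_counts": dict(Counter(e["tag"] for e in reg)),
        "run_key_targets": [e["data"] for e in reg if e["key"].endswith("\\Run")],
        "mbr_by_view": {name: v["mbr"] for name, v in views.items()},
        "mbr_mismatch": len(hashes) > 1,  # views disagree about sector 0
        "hidden_active": [(name, p["idx"]) for name, v in views.items()
                          for p in v["partitions"] if p["active"] and p["hidden"]],
    }


if __name__ == "__main__":
    for field, value in triage(SAMPLE_REPORT).items():
        print(f"{field}: {value}")
```
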

Re: System Check Malware manual removal

Post by phmcad » February 14th, 2012, 2:12 pm

For clarity, I attempted downloading these two programs to both disk and thumb drive, and the reading of both was blocked in both normal and safe mode, which is how I ended up at safe mode with networking. After RogueKiller was run, Firefox was still being hidden, and Internet access is still limited to within safe mode.

OTL logfile created on: 2/14/2012 11:55:06 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ken\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.93% Memory free
4.21 Gb Paging File | 3.55 Gb Available in Paging File | 84.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 9.45 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 50.04 Gb Free Space | 71.99% Space Free | Partition Type: NTFS

Computer Name: GREG-BRADY | User Name: Ken | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 11:28:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 01:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (No Company Name) ==========

MOD - [2009/04/11 00:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Symantec RemoteAssist)
SRV - File not found [Auto | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - [2012/02/12 15:59:10 | 000,156,672 | -H-- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Windows\System32\NCUSBw32.dll -- (NecUsb3)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/11/19 06:57:14 | 001,150,936 | -H-- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | -H-- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/10/16 17:26:20 | 000,860,160 | -H-- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | -H-- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/19 01:33:32 | 000,005,632 | -H-- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\serial.dll -- (netwg311)
SRV - [2007/05/03 03:48:52 | 000,537,520 | -H-- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2007/04/24 20:17:34 | 000,024,576 | -H-- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/02/07 01:04:26 | 000,457,512 | -H-- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/31 19:18:42 | 000,053,248 | -H-- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/01/26 15:24:42 | 000,050,688 | -H-- | M] () [Auto | Stopped] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/01/02 10:33:24 | 000,135,168 | -H-- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/28 21:07:22 | 000,126,976 | -H-- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/22 15:43:18 | 000,024,576 | -H-- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/28 19:41:54 | 000,101,152 | -H-- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/24 13:57:54 | 000,107,008 | -H-- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2012/02/03 21:33:49 | 000,374,392 | -H-- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 21:33:49 | 000,106,104 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/18 07:24:04 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/15 17:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120211.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/15 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120213.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/15 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120213.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/30 20:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/20 19:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 21:04:12 | 000,035,960 | RH-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/03/30 21:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 20:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 23:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/12/10 13:24:12 | 000,239,168 | -H-- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,338,880 | -H-- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/04/10 22:42:52 | 000,031,616 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/11/17 07:40:22 | 003,668,480 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/01/19 00:14:59 | 000,016,896 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/02/24 16:14:00 | 002,216,448 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2006/12/07 19:12:02 | 000,076,584 | -H-- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/28 19:39:14 | 001,962,784 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/28 04:41:08 | 001,085,216 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Acer OrbiCam(UVC)
DRV - [2006/11/28 04:40:56 | 000,040,352 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/02 07:27:36 | 000,020,112 | -H-- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 01:30:53 | 000,045,056 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/25 00:36:48 | 000,042,240 | -H-- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 00:36:44 | 000,076,928 | -H-- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 00:36:36 | 000,062,208 | -H-- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/04 18:39:10 | 000,008,192 | -H-- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... Q&si=85188
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://host.madison.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt734W2US&ptnrS=ZNxpt734W2US&si=85188&ptb=gHSwwxJJmx5S5nShNc8YbQ&ind=2011122610&n=77df4bb2&psa=&st=kwd&searchfor="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Ken\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2163: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Ken\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ken\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ken\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/03 09:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/13 12:08:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/13 12:08:33 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 10:56:31 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/30 10:09:53 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Ken\AppData\Roaming\Move Networks [2009/11/28 19:30:10 | 000,000,000 | -H-D | M]

[2010/05/06 13:01:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2012/01/08 22:01:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions
[2010/12/27 09:00:28 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/08 22:01:55 | 000,000,000 | -H-D | M] (Crunchdeal) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\{C44EFFA6-13EF-4ee2-804C-98BAE7E3F21C}
[2011/06/04 15:19:37 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\engine@conduit.com
[2011/12/26 09:52:01 | 000,000,000 | -H-D | M] (My Web Search) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\m3ffxtbr@mywebsearch.com
[2011/04/30 13:36:25 | 000,000,000 | -H-D | M] (Yontoo Layers) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\plugin@yontoo.com
[2011/11/18 05:56:20 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\toolbar@ask.com
[2011/01/17 14:40:58 | 000,000,909 | -H-- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\searchplugins\conduit.xml
[2011/12/26 09:52:11 | 000,009,966 | -H-- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\searchplugins\mywebsearch.xml
[2011/11/24 20:01:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/02 10:56:31 | 000,121,816 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 18:18:35 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/16 05:47:05 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 18:18:37 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/02 10:56:25 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 10:56:25 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Crunchdeal) - {01FEFC77-1031-43C6-BA9A-FEC28E75607C} - C:\Program Files\Crunchdeal\0.0.2.6\crunchdll.dll (Crunchdeal Ltd)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe File not found
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [XAyrXMNieLwFUhF.exe] C:\ProgramData\XAyrXMNieLwFUhF.exe (Mioft)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-443608138-2410991361-87084391-1000..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-443608138-2410991361-87084391-1000..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
O4 - HKU\S-1-5-21-443608138-2410991361-87084391-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-443608138-2410991361-87084391-1000..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-443608138-2410991361-87084391-1000..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe (YouSendIt)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..Trusted Domains: nglic.com ([citrix] https in Trusted sites)
O15 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..Trusted Domains: nglic.com ([mail] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D254375-91ED-44D7-921C-1439CC7BB04D}: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O20 - AppInit_DLLs: (eNetHook.dll) -C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ken\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ken\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1f2fa5ac-3fa4-11e1-8a97-001b3821e963}\Shell - "" = AutoRun
O33 - MountPoints2\{1f2fa5ac-3fa4-11e1-8a97-001b3821e963}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{a30a448d-c705-11de-973d-001b3821e963}\Shell - "" = AutoRun
O33 - MountPoints2\{a30a448d-c705-11de-973d-001b3821e963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\RK_Quarantine
[2012/02/14 11:28:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2012/02/13 10:53:45 | 000,939,368 | -H-- | C] (Macromedia, Inc.) -- C:\Windows\System32\flash.ocx
[2012/02/12 23:07:22 | 000,656,320 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/02/12 23:07:22 | 000,338,880 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/02/12 23:07:20 | 000,251,560 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/02/12 23:07:20 | 000,103,232 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/02/12 23:07:14 | 000,239,168 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/02/12 23:07:14 | 000,160,448 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/02/12 23:07:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/12 23:07:08 | 000,070,536 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/02/12 23:07:00 | 000,000,000 | -H-D | C] -- C:\Program Files\PC Tools Security
[2012/02/12 23:07:00 | 000,000,000 | -H-D | C] -- C:\Users\Ken\AppData\Roaming\PC Tools
[2012/02/12 23:07:00 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\PC Tools
[2012/02/12 23:05:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools
[2012/02/12 22:21:57 | 000,361,984 | -H-- | C] (Mioft) -- C:\ProgramData\YBssaZNY8n2isl.exe
[2012/02/12 15:59:10 | 000,156,672 | -H-- | C] (Intel Corporation ) -- C:\Windows\System32\NCUSBw32.dll
[2012/02/12 15:31:50 | 000,000,000 | -H-D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/02/12 15:31:09 | 000,361,984 | -H-- | C] (Mioft) -- C:\ProgramData\w0zHb67eoZxCDQ.exe
[2012/02/12 15:06:12 | 000,454,656 | -H-- | C] (Mioft) -- C:\ProgramData\XAyrXMNieLwFUhF.exe
[2012/02/12 15:06:10 | 000,000,000 | -H-D | C] -- C:\Users\Ken\AppData\Local\SanctionedMedia
[2012/02/08 03:09:14 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Works
[2012/01/23 13:20:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 13:19:08 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2012/01/23 13:19:06 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2010/06/03 18:46:07 | 005,918,400 | -H-- | C] (Discordia Limited.) -- C:\Program Files\jZipV1c.exe
[2008/01/18 19:36:45 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\lxbthcp.dll
[2008/01/18 19:36:44 | 000,995,328 | -H-- | C] ( ) -- C:\Windows\System32\lxbtusb1.dll
[2008/01/18 19:36:44 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxbtinpa.dll
[2008/01/18 19:36:44 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxbtiesc.dll
[2008/01/18 19:36:43 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxbtserv.dll
[2008/01/18 19:36:43 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxbtpmui.dll
[2008/01/18 19:36:43 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxbtlmpm.dll
[2008/01/18 19:36:43 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxbtprox.dll
[2008/01/18 19:36:43 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxbtpplc.dll
[2008/01/18 19:36:42 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\System32\lxbthbn3.dll
[2008/01/18 19:36:42 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxbtih.exe
[2008/01/18 19:36:41 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxbtcomc.dll
[2008/01/18 19:36:41 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxbtcoms.exe
[2008/01/18 19:36:41 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxbtcomm.dll
[2008/01/18 19:36:41 | 000,381,872 | -H-- | C] ( ) -- C:\Windows\System32\lxbtcfg.exe
[2007/07/09 23:29:49 | 000,016,384 | -H-- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/04/10 03:32:24 | 000,053,248 | -H-- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[3 C:\Users\Ken\Documents\*.tmp files -> C:\Users\Ken\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
[1 \*.tmp files -> \*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/14 11:43:27 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/14 11:43:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/14 11:36:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 11:36:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 11:28:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2012/02/14 11:27:39 | 001,202,688 | ---- | M] () -- C:\Users\Ken\Desktop\RogueKiller.exe
[2012/02/14 11:03:26 | 000,000,900 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-443608138-2410991361-87084391-1000UA.job
[2012/02/14 11:03:15 | 000,000,848 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-443608138-2410991361-87084391-1000Core.job
[2012/02/14 10:37:32 | 396,880,142 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/13 12:26:13 | 000,001,878 | -H-- | M] () -- C:\Users\Ken\Desktop\HijackThis.lnk
[2012/02/13 09:47:47 | 000,002,243 | -H-- | M] () -- C:\Windows\epplauncher.mif
[2012/02/13 09:47:05 | 000,000,036 | -H-- | M] () -- C:\Users\Ken\AppData\Local\housecall.guid.cache
[2012/02/12 23:04:55 | 000,512,992 | -H-- | M] () -- C:\Users\Ken\Desktop\sdsetup(1).exe
[2012/02/12 22:22:51 | 000,000,432 | -H-- | M] () -- C:\ProgramData\YBssaZNY8n2isl
[2012/02/12 22:21:58 | 000,361,984 | -H-- | M] (Mioft) -- C:\ProgramData\YBssaZNY8n2isl.exe
[2012/02/12 22:16:26 | 000,001,889 | -H-- | M] () -- C:\Users\Public\Desktop\Acer OrbiCam.lnk
[2012/02/12 16:03:21 | 000,103,733 | -H-- | M] () -- C:\Windows\System32\itusbcore.dat
[2012/02/12 16:03:21 | 000,000,196 | -H-- | M] () -- C:\Windows\System32\itlsvc.dat
[2012/02/12 15:59:10 | 000,156,672 | -H-- | M] (Intel Corporation ) -- C:\Windows\System32\NCUSBw32.dll
[2012/02/12 15:54:19 | 000,000,448 | -H-- | M] () -- C:\ProgramData\w0zHb67eoZxCDQ
[2012/02/12 15:51:58 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~w0zHb67eoZxCDQ
[2012/02/12 15:51:57 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~w0zHb67eoZxCDQr
[2012/02/12 15:40:40 | 000,000,633 | -H-- | M] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/12 15:31:53 | 000,000,609 | -H-- | M] () -- C:\Users\Ken\Desktop\System Check.lnk
[2012/02/12 15:31:09 | 000,361,984 | -H-- | M] (Mioft) -- C:\ProgramData\w0zHb67eoZxCDQ.exe
[2012/02/12 15:05:55 | 000,454,656 | -H-- | M] (Mioft) -- C:\ProgramData\XAyrXMNieLwFUhF.exe
[2012/02/11 11:29:32 | 000,005,216 | -H-- | M] () -- C:\Users\Ken\AppData\Local\d3d9caps.dat
[2012/02/03 09:57:21 | 002,463,976 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/01/27 23:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/20 15:04:59 | 001,798,162 | -H-- | M] () -- C:\Users\Ken\Documents\NGL Separation KJ.pdf
[2012/01/19 18:08:52 | 000,654,994 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/19 18:08:52 | 000,123,416 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[3 C:\Users\Ken\Documents\*.tmp files -> C:\Users\Ken\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/14 11:28:42 | 001,202,688 | ---- | C] () -- C:\Users\Ken\Desktop\RogueKiller.exe
[2012/02/14 10:37:32 | 396,880,142 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/13 12:26:13 | 000,001,878 | -H-- | C] () -- C:\Users\Ken\Desktop\HijackThis.lnk
[2012/02/13 09:47:47 | 000,002,243 | -H-- | C] () -- C:\Windows\epplauncher.mif
[2012/02/13 09:47:05 | 000,000,036 | -H-- | C] () -- C:\Users\Ken\AppData\Local\housecall.guid.cache
[2012/02/12 23:05:19 | 000,512,992 | -H-- | C] () -- C:\Users\Ken\Desktop\sdsetup(1).exe
[2012/02/12 22:22:13 | 000,000,432 | -H-- | C] () -- C:\ProgramData\YBssaZNY8n2isl
[2012/02/12 22:16:26 | 000,001,889 | -H-- | C] () -- C:\Users\Public\Desktop\Acer OrbiCam.lnk
[2012/02/12 16:03:21 | 000,103,733 | -H-- | C] () -- C:\Windows\System32\itusbcore.dat
[2012/02/12 16:03:21 | 000,000,196 | -H-- | C] () -- C:\Windows\System32\itlsvc.dat
[2012/02/12 15:40:40 | 000,000,633 | -H-- | C] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/12 15:31:54 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~w0zHb67eoZxCDQr
[2012/02/12 15:31:53 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~w0zHb67eoZxCDQ
[2012/02/12 15:31:52 | 000,000,609 | -H-- | C] () -- C:\Users\Ken\Desktop\System Check.lnk
[2012/02/12 15:31:40 | 000,000,448 | -H-- | C] () -- C:\ProgramData\w0zHb67eoZxCDQ
[2012/02/12 15:06:15 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/01/20 15:04:57 | 001,798,162 | -H-- | C] () -- C:\Users\Ken\Documents\NGL Separation KJ.pdf
[2011/05/18 20:09:33 | 000,416,568 | -H-- | C] () -- \Install_Instructions.pdf
[2011/05/18 19:27:52 | 000,001,940 | -H-- | C] () -- C:\Users\Ken\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/05/06 13:01:01 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010/04/27 18:47:39 | 006,667,264 | -H-- | C] () -- \XenAppWeb.msi
[2010/04/27 18:42:57 | 012,436,848 | -H-- | C] () -- \CitrixOnlinePluginWeb.exe
[2009/09/15 19:31:22 | 000,001,526 | -H-- | C] () -- C:\Windows\fs1234.dat
[2009/09/11 07:36:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 07:36:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/10/12 08:06:09 | 000,000,008 | -H-- | C] () -- C:\Windows\System32\winsusrx.dll
[2008/09/21 13:00:59 | 000,005,216 | -H-- | C] () -- C:\Users\Ken\AppData\Local\d3d9caps.dat
[2008/08/01 05:11:28 | 000,000,136 | -H-- | C] () -- C:\Windows\System32\winsusrm.dll
[2008/07/27 02:04:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/11 08:47:12 | 000,119,296 | -H-- | C] () -- C:\Windows\System32\zlibwapi.dll
[2008/02/11 18:55:18 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/19 08:35:58 | 000,012,288 | -H-- | C] () -- C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/18 19:36:45 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\lxbtinst.dll
[2007/12/30 17:50:49 | 000,000,376 | -H-- | C] () -- C:\Windows\ODBC.INI
[2007/12/30 17:13:13 | 000,000,037 | -H-- | C] () -- C:\Windows\Acer.ini
[2007/07/09 23:29:49 | 000,016,384 | -H-- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/07/09 22:50:52 | 000,000,030 | -H-- | C] () -- C:\Windows\SETPANEL.INI
[2007/07/09 22:50:50 | 000,000,092 | -H-- | C] () -- C:\Windows\CLEANUP.INI
[2007/04/10 04:43:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/04/10 04:18:47 | 000,333,257 | RHS- | C] () -- \bootmgr
[2007/04/10 04:18:47 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/04/10 03:42:55 | 000,076,584 | -H-- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/04/10 03:42:55 | 000,015,656 | -H-- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/04/10 03:42:00 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/04/10 03:32:24 | 000,331,776 | -H-- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/10 03:12:36 | 000,356,352 | -H-- | C] () -- C:\Windows\EMCRI.dll
[2007/04/10 03:04:38 | 000,001,132 | -H-- | C] () -- C:\Windows\RtDefLvl.ini
[2007/04/10 02:29:34 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007/04/10 02:29:31 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/10 02:28:47 | 000,042,594 | -H-- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/02/22 18:32:00 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxbtcoin.dll
[2007/02/07 00:58:10 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/07 00:57:58 | 000,266,240 | -H-- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/07 00:57:20 | 000,086,016 | -H-- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/07 00:56:30 | 000,028,672 | -H-- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/07 00:56:28 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/07 00:52:08 | 000,063,488 | -H-- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 16:44:48 | 000,022,016 | -H-- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 06:50:06 | 000,071,680 | -H-- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,445,816 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,654,994 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,123,416 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:23:09 | 000,000,024 | -H-- | C] () -- \autoexec.bat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:25:08 | 000,000,010 | -H-- | C] () -- \config.sys
[2006/03/05 07:50:48 | 3707,437,055 | -HS- | C] () -- \gobackio.bin
[2006/03/05 07:32:48 | 045,469,528 | -H-- | C] () -- \NIS06910.exe
[2006/02/18 21:23:01 | 000,001,024 | -H-- | C] () -- \IPH.PH
[2005/08/18 06:26:46 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxbtvs.dll
[2005/05/25 09:07:26 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\lxbtcnv4.dll
[2002/09/26 13:35:16 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\atsdrve.dll
[2001/12/26 16:12:30 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999/01/22 12:46:56 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/01/12 02:00:00 | 000,040,448 | -H-- | C] () -- C:\Windows\System32\REGOBJ.DLL

========== LOP Check ==========

[2007/12/30 17:13:55 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Acer
[2011/10/31 16:50:20 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Avery
[2009/02/03 19:29:28 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\ICAClient
[2007/12/30 17:13:55 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Leadertech
[2011/05/20 16:39:03 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\NCH Swift Sound
[2010/11/28 13:04:14 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Tific
[2011/05/11 18:56:47 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\W3i, LLC
[2012/01/08 22:03:51 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\WeatherBug
[2011/06/04 07:44:19 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\YouSendIt
[2010/04/01 21:47:09 | 000,000,526 | -H-- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2012/02/13 09:56:57 | 000,032,566 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 2/14/2012 11:55:06 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ken\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.93% Memory free
4.21 Gb Paging File | 3.55 Gb Available in Paging File | 84.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 9.45 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 50.04 Gb Free Space | 71.99% Space Free | Partition Type: NTFS

Computer Name: GREG-BRADY | User Name: Ken | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8203888-F878-4F1F-B2C0-6701BFE99FE5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0156A47A-8792-43AB-9490-F17EEE6C5BE9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{037090E2-6F2A-4940-AD57-D71C3B1BED8A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe |
"{0CF6CDFC-42AC-46EF-86A6-ADD561035C3A}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{11C85A7A-D8EB-4911-8B29-402A1EB320B9}" = protocol=17 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{21D0D534-947D-45F0-BCDD-C30CD5446A50}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2564132A-89FC-4665-A9A2-1559BF33012E}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\magicdirector.exe |
"{4A422A66-60F8-4A85-9A91-D4B6176A3194}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{4BF2179A-A4BB-4E31-8804-F141E1CD74E7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5E3F7CBD-3AB4-45AE-B970-76B766E32D08}" = protocol=17 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{61D6F5A3-DAD3-4E8C-9CE5-63523CC49926}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{639B66E7-F57D-48A7-A8AA-09A2E8BB39CB}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{6A8B8CE7-F5B2-45F2-90BC-03E065EE4A14}" = protocol=6 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{747C3ED2-E750-4E85-A57E-490BB56684BA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{78366228-6280-4C03-AFEC-A1258A7417E4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{903F8848-53EB-464A-8A81-B3D81AD5C75E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{919BBC3B-5038-443F-AC50-1340D574A185}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B112F1E7-4324-4CA2-ADEC-67A268695524}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9178524-23D8-4218-94C6-0F5E16AC63CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7234E07-012D-42D4-AF05-A6748696508A}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\powerdv.exe |
"{F17A4E2B-6CD5-407A-AE4F-490404224B91}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe |
"{F92F3B7D-937B-4CE2-AE67-C63A3EC4BEBC}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{FBB2C868-BE99-4B76-B0EF-E678BC7FFE09}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03148D0A-6C27-4204-AE01-CFA089D19618}" = HP Photosmart Plus B210 series Product Improvement Study
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi Software
"{3AF1FB80-21BD-4715-8EE2-AB77925519D9}" = PCsync
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6E5A0256-C1BB-4A4E-99CE-B87CC4383744}" = HP Photosmart Plus B210 series Basic Device Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B139DD51-C3F1-4583-98B4-D35F64EA847F}" = Windows Easy Transfer Companion (Beta)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDBC8703-AA18-491F-97BE-98D4543A901B}" = PCsync
"{DF3A077E-290A-4089-A446-5720F34D6946}" = Dolet Light for PrintMusic 2006
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"AcerOrbiCamDrv" = Acer Camera Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Crunchdeal" = Crunchdeal
"Digital Editions" = Adobe Digital Editions
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photo Creations" = HP Photo Creations
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"jZip" = jZip
"Lexmark 5200 Series" = Lexmark 5200 Series
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.0
"Musicnotes Player" = Musicnotes Player
"N360" = Norton 360
"ProInst" = Intel PROSet Wireless
"RealPlayer 6.0" = RealPlayer
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Spyware Doctor" = Spyware Doctor 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TTB000001.TTB000001Toolbar" = CouponBar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Smad" = SanctionedMedia

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/14/2012 12:47:01 PM | Computer Name = Greg-Brady | Source = EventSystem | ID = 4609
Description =

Error - 2/14/2012 1:01:20 PM | Computer Name = Greg-Brady | Source = LoadPerf | ID = 3013
Description =

Error - 2/14/2012 1:01:21 PM | Computer Name = Greg-Brady | Source = LoadPerf | ID = 3011
Description =

Error - 2/14/2012 1:01:28 PM | Computer Name = Greg-Brady | Source = LoadPerf | ID = 3013
Description =

Error - 2/14/2012 1:01:28 PM | Computer Name = Greg-Brady | Source = LoadPerf | ID = 3009
Description =

Error - 2/14/2012 1:10:42 PM | Computer Name = Greg-Brady | Source = EventSystem | ID = 4609
Description =

Error - 2/14/2012 1:25:12 PM | Computer Name = Greg-Brady | Source = EventSystem | ID = 4609
Description =

Error - 2/14/2012 1:29:23 PM | Computer Name = Greg-Brady | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module d3d10_1.dll_unloaded, version 0.0.0.0, time stamp 0x4d385de6,
exception code 0xc0000005, fault offset 0x715563ad, process id 0x65c, application
start time 0x01cceb3d954666de.

Error - 2/14/2012 1:29:40 PM | Computer Name = Greg-Brady | Source = EventSystem | ID = 4609
Description =

Error - 2/14/2012 1:44:01 PM | Computer Name = Greg-Brady | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 5/25/2008 9:20:14 AM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/31/2008 7:35:51 PM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/21/2008 7:13:09 PM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 7:01:22 PM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/30/2008 11:16:43 AM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 2/25/2009 6:51:21 AM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/19/2009 6:51:09 PM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 5:55:51 PM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/3/2010 7:47:52 PM | Computer Name = Greg-Brady | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/12/2011 6:00:37 AM | Computer Name = Greg-Brady | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 6/17/2009 11:58:40 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/16/2009 12:48:34 AM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 316937
seconds with 5340 seconds of active time. This session ended with a crash.

Error - 4/13/2010 8:06:29 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 162
seconds with 120 seconds of active time. This session ended with a crash.

Error - 7/22/2010 2:45:09 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 19752
seconds with 540 seconds of active time. This session ended with a crash.

Error - 8/3/2010 8:35:15 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 2723
seconds with 360 seconds of active time. This session ended with a crash.

Error - 8/22/2010 12:02:14 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/7/2010 7:33:51 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 106
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/17/2010 7:27:00 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 157845
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 1/30/2011 3:24:21 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 413255
seconds with 5340 seconds of active time. This session ended with a crash.

Error - 6/20/2011 9:51:20 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 123687
seconds with 9600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/14/2012 1:43:51 PM | Computer Name = Greg-Brady | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 2/14/2012 1:43:54 PM | Computer Name = Greg-Brady | Source = DCOM | ID = 10005
Description =

Error - 2/14/2012 1:44:01 PM | Computer Name = Greg-Brady | Source = DCOM | ID = 10005
Description =

Error - 2/14/2012 1:44:02 PM | Computer Name = Greg-Brady | Source = DCOM | ID = 10005
Description =

Error - 2/14/2012 1:44:20 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7001
Description =

Error - 2/14/2012 1:44:20 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7003
Description =

Error - 2/14/2012 1:44:20 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7003
Description =

Error - 2/14/2012 1:44:20 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7003
Description =

Error - 2/14/2012 1:44:20 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7026
Description =

Error - 2/14/2012 1:45:35 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7001
Description =


< End of report >
phmcad
Active Member
 
Posts: 5
Joined: February 13th, 2012, 2:45 pm

Re: System Check Malware manual removal

Post by phmcad » February 14th, 2012, 2:42 pm

After the OTC scan I am now able to access the internet in normal mode. Firefox is above the cloak although it is sluggish, possibly due to the constant popups that the malware is pushing out. Malware still attempted to load at startup, although I stopped the scan.
phmcad
Active Member
 
Posts: 5
Joined: February 13th, 2012, 2:45 pm

Re: System Check Malware manual removal

Post by mambass » February 15th, 2012, 2:39 pm

Hi Ken, :)

Could you please let me know if this computer is used for any business purposes?

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: System Check Malware manual removal

Post by phmcad » February 15th, 2012, 3:09 pm

Yes, although it is my personal computer and most of my work is as an independent contractor, if there is something specific that you are seeing. For example, a previous job had me access through both Citrix and a VPN. That job ended a few weeks ago and I will not need those again.

Does this cover what you were looking for?
phmcad
Active Member
 
Posts: 5
Joined: February 13th, 2012, 2:45 pm

Re: System Check Malware manual removal

Post by mambass » February 15th, 2012, 4:10 pm

Hi Ken,

Entries in your log indicate that you are requesting help for a "Business" computer.

May I draw your attention to THIS topic which identifies the rules for receiving help from our site.

The following sections explain why we do not offer help for such computers:

This topic is now closed


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: System Check Malware manual removal

Post by Elrond » February 15th, 2012, 4:14 pm

The entries in your HJT log strongly suggest that your computer is used for business purposes.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem