For clarity, I attempted downloading these two programs both to disk and to a thumb drive, and the reading of both was blocked both in normal and safe mode, which is how I ended up at safe mode with networking. After RogueKiller was run, Firefox was still being hidden, and internet access is still limited to within safe mode.
OTL logfile created on: 2/14/2012 11:55:06 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ken\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.93% Memory free
4.21 Gb Paging File | 3.55 Gb Available in Paging File | 84.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 9.45 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 50.04 Gb Free Space | 71.99% Space Free | Partition Type: NTFS
Computer Name: GREG-BRADY | User Name: Ken | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/14 11:28:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 01:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
========== Modules (No Company Name) ==========
MOD - [2009/04/11 00:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (Symantec RemoteAssist)
SRV - File not found [Auto | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - [2012/02/12 15:59:10 | 000,156,672 | -H-- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Windows\System32\NCUSBw32.dll -- (NecUsb3)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/11/19 06:57:14 | 001,150,936 | -H-- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | -H-- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/10/16 17:26:20 | 000,860,160 | -H-- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | -H-- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/19 01:33:32 | 000,005,632 | -H-- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\serial.dll -- (netwg311)
SRV - [2007/05/03 03:48:52 | 000,537,520 | -H-- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2007/04/24 20:17:34 | 000,024,576 | -H-- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/02/07 01:04:26 | 000,457,512 | -H-- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/31 19:18:42 | 000,053,248 | -H-- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/01/26 15:24:42 | 000,050,688 | -H-- | M] () [Auto | Stopped] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/01/02 10:33:24 | 000,135,168 | -H-- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/28 21:07:22 | 000,126,976 | -H-- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/22 15:43:18 | 000,024,576 | -H-- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/28 19:41:54 | 000,101,152 | -H-- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/24 13:57:54 | 000,107,008 | -H-- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
========== Driver Services (SafeList) ==========
DRV - [2012/02/03 21:33:49 | 000,374,392 | -H-- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 21:33:49 | 000,106,104 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/18 07:24:04 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/15 17:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120211.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/15 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120213.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/15 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120213.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/30 20:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/20 19:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 21:04:12 | 000,035,960 | RH-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/03/30 21:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 20:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 23:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/12/10 13:24:12 | 000,239,168 | -H-- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,338,880 | -H-- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/04/10 22:42:52 | 000,031,616 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/11/17 07:40:22 | 003,668,480 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/01/19 00:14:59 | 000,016,896 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/02/24 16:14:00 | 002,216,448 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2006/12/07 19:12:02 | 000,076,584 | -H-- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/28 19:39:14 | 001,962,784 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/28 04:41:08 | 001,085,216 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Acer OrbiCam(UVC)
DRV - [2006/11/28 04:40:56 | 000,040,352 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/02 07:27:36 | 000,020,112 | -H-- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 01:30:53 | 000,045,056 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/25 00:36:48 | 000,042,240 | -H-- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 00:36:44 | 000,076,928 | -H-- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 00:36:36 | 000,062,208 | -H-- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/04 18:39:10 | 000,008,192 | -H-- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... Q&si=85188
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-443608138-2410991361-87084391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://host.madison.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt734W2US&ptnrS=ZNxpt734W2US&si=85188&ptb=gHSwwxJJmx5S5nShNc8YbQ&ind=2011122610&n=77df4bb2&psa=&st=kwd&searchfor="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Ken\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2163: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Ken\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ken\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ken\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/03 09:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/13 12:08:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/13 12:08:33 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 10:56:31 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/30 10:09:53 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Ken\AppData\Roaming\Move Networks [2009/11/28 19:30:10 | 000,000,000 | -H-D | M]
[2010/05/06 13:01:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2012/01/08 22:01:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions
[2010/12/27 09:00:28 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/08 22:01:55 | 000,000,000 | -H-D | M] (Crunchdeal) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\{C44EFFA6-13EF-4ee2-804C-98BAE7E3F21C}
[2011/06/04 15:19:37 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\engine@conduit.com
[2011/12/26 09:52:01 | 000,000,000 | -H-D | M] (My Web Search) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\m3ffxtbr@mywebsearch.com
[2011/04/30 13:36:25 | 000,000,000 | -H-D | M] (Yontoo Layers) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\plugin@yontoo.com
[2011/11/18 05:56:20 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\extensions\toolbar@ask.com
[2011/01/17 14:40:58 | 000,000,909 | -H-- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\searchplugins\conduit.xml
[2011/12/26 09:52:11 | 000,009,966 | -H-- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\79d3hsjc.default\searchplugins\mywebsearch.xml
[2011/11/24 20:01:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/02 10:56:31 | 000,121,816 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 18:18:35 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/16 05:47:05 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 18:18:37 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/02 10:56:25 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 10:56:25 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
Hosts file not found
O2 - BHO: (Crunchdeal) - {01FEFC77-1031-43C6-BA9A-FEC28E75607C} - C:\Program Files\Crunchdeal\0.0.2.6\crunchdll.dll (Crunchdeal Ltd)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe File not found
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [XAyrXMNieLwFUhF.exe] C:\ProgramData\XAyrXMNieLwFUhF.exe (Mioft)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-443608138-2410991361-87084391-1000..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-443608138-2410991361-87084391-1000..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
O4 - HKU\S-1-5-21-443608138-2410991361-87084391-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-443608138-2410991361-87084391-1000..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-443608138-2410991361-87084391-1000..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe (YouSendIt)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..Trusted Domains: nglic.com ([citrix] https in Trusted sites)
O15 - HKU\S-1-5-21-443608138-2410991361-87084391-1000\..Trusted Domains: nglic.com ([mail] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D254375-91ED-44D7-921C-1439CC7BB04D}: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O20 - AppInit_DLLs: (eNetHook.dll) -C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ken\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ken\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1f2fa5ac-3fa4-11e1-8a97-001b3821e963}\Shell - "" = AutoRun
O33 - MountPoints2\{1f2fa5ac-3fa4-11e1-8a97-001b3821e963}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{a30a448d-c705-11de-973d-001b3821e963}\Shell - "" = AutoRun
O33 - MountPoints2\{a30a448d-c705-11de-973d-001b3821e963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/02/14 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\RK_Quarantine
[2012/02/14 11:28:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2012/02/13 10:53:45 | 000,939,368 | -H-- | C] (Macromedia, Inc.) -- C:\Windows\System32\flash.ocx
[2012/02/12 23:07:22 | 000,656,320 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/02/12 23:07:22 | 000,338,880 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/02/12 23:07:20 | 000,251,560 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/02/12 23:07:20 | 000,103,232 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/02/12 23:07:14 | 000,239,168 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/02/12 23:07:14 | 000,160,448 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/02/12 23:07:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/12 23:07:08 | 000,070,536 | -H-- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/02/12 23:07:00 | 000,000,000 | -H-D | C] -- C:\Program Files\PC Tools Security
[2012/02/12 23:07:00 | 000,000,000 | -H-D | C] -- C:\Users\Ken\AppData\Roaming\PC Tools
[2012/02/12 23:07:00 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\PC Tools
[2012/02/12 23:05:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools
[2012/02/12 22:21:57 | 000,361,984 | -H-- | C] (Mioft) -- C:\ProgramData\YBssaZNY8n2isl.exe
[2012/02/12 15:59:10 | 000,156,672 | -H-- | C] (Intel Corporation ) -- C:\Windows\System32\NCUSBw32.dll
[2012/02/12 15:31:50 | 000,000,000 | -H-D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/02/12 15:31:09 | 000,361,984 | -H-- | C] (Mioft) -- C:\ProgramData\w0zHb67eoZxCDQ.exe
[2012/02/12 15:06:12 | 000,454,656 | -H-- | C] (Mioft) -- C:\ProgramData\XAyrXMNieLwFUhF.exe
[2012/02/12 15:06:10 | 000,000,000 | -H-D | C] -- C:\Users\Ken\AppData\Local\SanctionedMedia
[2012/02/08 03:09:14 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Works
[2012/01/23 13:20:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 13:19:08 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2012/01/23 13:19:06 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2010/06/03 18:46:07 | 005,918,400 | -H-- | C] (Discordia Limited.) -- C:\Program Files\jZipV1c.exe
[2008/01/18 19:36:45 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\lxbthcp.dll
[2008/01/18 19:36:44 | 000,995,328 | -H-- | C] ( ) -- C:\Windows\System32\lxbtusb1.dll
[2008/01/18 19:36:44 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxbtinpa.dll
[2008/01/18 19:36:44 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxbtiesc.dll
[2008/01/18 19:36:43 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxbtserv.dll
[2008/01/18 19:36:43 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxbtpmui.dll
[2008/01/18 19:36:43 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxbtlmpm.dll
[2008/01/18 19:36:43 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxbtprox.dll
[2008/01/18 19:36:43 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxbtpplc.dll
[2008/01/18 19:36:42 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\System32\lxbthbn3.dll
[2008/01/18 19:36:42 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxbtih.exe
[2008/01/18 19:36:41 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxbtcomc.dll
[2008/01/18 19:36:41 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxbtcoms.exe
[2008/01/18 19:36:41 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\System32\lxbtcomm.dll
[2008/01/18 19:36:41 | 000,381,872 | -H-- | C] ( ) -- C:\Windows\System32\lxbtcfg.exe
[2007/07/09 23:29:49 | 000,016,384 | -H-- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/04/10 03:32:24 | 000,053,248 | -H-- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[3 C:\Users\Ken\Documents\*.tmp files -> C:\Users\Ken\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
[1 \*.tmp files -> \*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/14 11:43:27 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/14 11:43:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/14 11:36:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 11:36:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 11:28:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2012/02/14 11:27:39 | 001,202,688 | ---- | M] () -- C:\Users\Ken\Desktop\RogueKiller.exe
[2012/02/14 11:03:26 | 000,000,900 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-443608138-2410991361-87084391-1000UA.job
[2012/02/14 11:03:15 | 000,000,848 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-443608138-2410991361-87084391-1000Core.job
[2012/02/14 10:37:32 | 396,880,142 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/13 12:26:13 | 000,001,878 | -H-- | M] () -- C:\Users\Ken\Desktop\HijackThis.lnk
[2012/02/13 09:47:47 | 000,002,243 | -H-- | M] () -- C:\Windows\epplauncher.mif
[2012/02/13 09:47:05 | 000,000,036 | -H-- | M] () -- C:\Users\Ken\AppData\Local\housecall.guid.cache
[2012/02/12 23:04:55 | 000,512,992 | -H-- | M] () -- C:\Users\Ken\Desktop\sdsetup(1).exe
[2012/02/12 22:22:51 | 000,000,432 | -H-- | M] () -- C:\ProgramData\YBssaZNY8n2isl
[2012/02/12 22:21:58 | 000,361,984 | -H-- | M] (Mioft) -- C:\ProgramData\YBssaZNY8n2isl.exe
[2012/02/12 22:16:26 | 000,001,889 | -H-- | M] () -- C:\Users\Public\Desktop\Acer OrbiCam.lnk
[2012/02/12 16:03:21 | 000,103,733 | -H-- | M] () -- C:\Windows\System32\itusbcore.dat
[2012/02/12 16:03:21 | 000,000,196 | -H-- | M] () -- C:\Windows\System32\itlsvc.dat
[2012/02/12 15:59:10 | 000,156,672 | -H-- | M] (Intel Corporation ) -- C:\Windows\System32\NCUSBw32.dll
[2012/02/12 15:54:19 | 000,000,448 | -H-- | M] () -- C:\ProgramData\w0zHb67eoZxCDQ
[2012/02/12 15:51:58 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~w0zHb67eoZxCDQ
[2012/02/12 15:51:57 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~w0zHb67eoZxCDQr
[2012/02/12 15:40:40 | 000,000,633 | -H-- | M] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/12 15:31:53 | 000,000,609 | -H-- | M] () -- C:\Users\Ken\Desktop\System Check.lnk
[2012/02/12 15:31:09 | 000,361,984 | -H-- | M] (Mioft) -- C:\ProgramData\w0zHb67eoZxCDQ.exe
[2012/02/12 15:05:55 | 000,454,656 | -H-- | M] (Mioft) -- C:\ProgramData\XAyrXMNieLwFUhF.exe
[2012/02/11 11:29:32 | 000,005,216 | -H-- | M] () -- C:\Users\Ken\AppData\Local\d3d9caps.dat
[2012/02/03 09:57:21 | 002,463,976 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/01/27 23:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/20 15:04:59 | 001,798,162 | -H-- | M] () -- C:\Users\Ken\Documents\NGL Separation KJ.pdf
[2012/01/19 18:08:52 | 000,654,994 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/19 18:08:52 | 000,123,416 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[3 C:\Users\Ken\Documents\*.tmp files -> C:\Users\Ken\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/14 11:28:42 | 001,202,688 | ---- | C] () -- C:\Users\Ken\Desktop\RogueKiller.exe
[2012/02/14 10:37:32 | 396,880,142 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/13 12:26:13 | 000,001,878 | -H-- | C] () -- C:\Users\Ken\Desktop\HijackThis.lnk
[2012/02/13 09:47:47 | 000,002,243 | -H-- | C] () -- C:\Windows\epplauncher.mif
[2012/02/13 09:47:05 | 000,000,036 | -H-- | C] () -- C:\Users\Ken\AppData\Local\housecall.guid.cache
[2012/02/12 23:05:19 | 000,512,992 | -H-- | C] () -- C:\Users\Ken\Desktop\sdsetup(1).exe
[2012/02/12 22:22:13 | 000,000,432 | -H-- | C] () -- C:\ProgramData\YBssaZNY8n2isl
[2012/02/12 22:16:26 | 000,001,889 | -H-- | C] () -- C:\Users\Public\Desktop\Acer OrbiCam.lnk
[2012/02/12 16:03:21 | 000,103,733 | -H-- | C] () -- C:\Windows\System32\itusbcore.dat
[2012/02/12 16:03:21 | 000,000,196 | -H-- | C] () -- C:\Windows\System32\itlsvc.dat
[2012/02/12 15:40:40 | 000,000,633 | -H-- | C] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/12 15:31:54 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~w0zHb67eoZxCDQr
[2012/02/12 15:31:53 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~w0zHb67eoZxCDQ
[2012/02/12 15:31:52 | 000,000,609 | -H-- | C] () -- C:\Users\Ken\Desktop\System Check.lnk
[2012/02/12 15:31:40 | 000,000,448 | -H-- | C] () -- C:\ProgramData\w0zHb67eoZxCDQ
[2012/02/12 15:06:15 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/01/20 15:04:57 | 001,798,162 | -H-- | C] () -- C:\Users\Ken\Documents\NGL Separation KJ.pdf
[2011/05/18 20:09:33 | 000,416,568 | -H-- | C] () -- \Install_Instructions.pdf
[2011/05/18 19:27:52 | 000,001,940 | -H-- | C] () -- C:\Users\Ken\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/05/06 13:01:01 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010/04/27 18:47:39 | 006,667,264 | -H-- | C] () -- \XenAppWeb.msi
[2010/04/27 18:42:57 | 012,436,848 | -H-- | C] () -- \CitrixOnlinePluginWeb.exe
[2009/09/15 19:31:22 | 000,001,526 | -H-- | C] () -- C:\Windows\fs1234.dat
[2009/09/11 07:36:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 07:36:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/10/12 08:06:09 | 000,000,008 | -H-- | C] () -- C:\Windows\System32\winsusrx.dll
[2008/09/21 13:00:59 | 000,005,216 | -H-- | C] () -- C:\Users\Ken\AppData\Local\d3d9caps.dat
[2008/08/01 05:11:28 | 000,000,136 | -H-- | C] () -- C:\Windows\System32\winsusrm.dll
[2008/07/27 02:04:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/11 08:47:12 | 000,119,296 | -H-- | C] () -- C:\Windows\System32\zlibwapi.dll
[2008/02/11 18:55:18 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/19 08:35:58 | 000,012,288 | -H-- | C] () -- C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/18 19:36:45 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\lxbtinst.dll
[2007/12/30 17:50:49 | 000,000,376 | -H-- | C] () -- C:\Windows\ODBC.INI
[2007/12/30 17:13:13 | 000,000,037 | -H-- | C] () -- C:\Windows\Acer.ini
[2007/07/09 23:29:49 | 000,016,384 | -H-- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/07/09 22:50:52 | 000,000,030 | -H-- | C] () -- C:\Windows\SETPANEL.INI
[2007/07/09 22:50:50 | 000,000,092 | -H-- | C] () -- C:\Windows\CLEANUP.INI
[2007/04/10 04:43:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/04/10 04:18:47 | 000,333,257 | RHS- | C] () -- \bootmgr
[2007/04/10 04:18:47 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/04/10 03:42:55 | 000,076,584 | -H-- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/04/10 03:42:55 | 000,015,656 | -H-- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/04/10 03:42:00 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/04/10 03:32:24 | 000,331,776 | -H-- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/10 03:12:36 | 000,356,352 | -H-- | C] () -- C:\Windows\EMCRI.dll
[2007/04/10 03:04:38 | 000,001,132 | -H-- | C] () -- C:\Windows\RtDefLvl.ini
[2007/04/10 02:29:34 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007/04/10 02:29:31 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/10 02:28:47 | 000,042,594 | -H-- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/02/22 18:32:00 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\lxbtcoin.dll
[2007/02/07 00:58:10 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/07 00:57:58 | 000,266,240 | -H-- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/07 00:57:20 | 000,086,016 | -H-- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/07 00:56:30 | 000,028,672 | -H-- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/07 00:56:28 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/07 00:52:08 | 000,063,488 | -H-- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 16:44:48 | 000,022,016 | -H-- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 06:50:06 | 000,071,680 | -H-- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,445,816 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,654,994 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,123,416 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:23:09 | 000,000,024 | -H-- | C] () -- \autoexec.bat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:25:08 | 000,000,010 | -H-- | C] () -- \config.sys
[2006/03/05 07:50:48 | 3707,437,055 | -HS- | C] () -- \gobackio.bin
[2006/03/05 07:32:48 | 045,469,528 | -H-- | C] () -- \NIS06910.exe
[2006/02/18 21:23:01 | 000,001,024 | -H-- | C] () -- \IPH.PH
[2005/08/18 06:26:46 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxbtvs.dll
[2005/05/25 09:07:26 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\lxbtcnv4.dll
[2002/09/26 13:35:16 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\atsdrve.dll
[2001/12/26 16:12:30 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999/01/22 12:46:56 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/01/12 02:00:00 | 000,040,448 | -H-- | C] () -- C:\Windows\System32\REGOBJ.DLL
========== LOP Check ==========
[2007/12/30 17:13:55 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Acer
[2011/10/31 16:50:20 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Avery
[2009/02/03 19:29:28 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\ICAClient
[2007/12/30 17:13:55 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Leadertech
[2011/05/20 16:39:03 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\NCH Swift Sound
[2010/11/28 13:04:14 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Tific
[2011/05/11 18:56:47 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\W3i, LLC
[2012/01/08 22:03:51 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\WeatherBug
[2011/06/04 07:44:19 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\YouSendIt
[2010/04/01 21:47:09 | 000,000,526 | -H-- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2012/02/13 09:56:57 | 000,032,566 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 2/14/2012 11:55:06 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ken\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.93% Memory free
4.21 Gb Paging File | 3.55 Gb Available in Paging File | 84.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 9.45 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 50.04 Gb Free Space | 71.99% Space Free | Partition Type: NTFS
Computer Name: GREG-BRADY | User Name: Ken | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8203888-F878-4F1F-B2C0-6701BFE99FE5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0156A47A-8792-43AB-9490-F17EEE6C5BE9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{037090E2-6F2A-4940-AD57-D71C3B1BED8A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe |
"{0CF6CDFC-42AC-46EF-86A6-ADD561035C3A}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{11C85A7A-D8EB-4911-8B29-402A1EB320B9}" = protocol=17 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{21D0D534-947D-45F0-BCDD-C30CD5446A50}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2564132A-89FC-4665-A9A2-1559BF33012E}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\magicdirector.exe |
"{4A422A66-60F8-4A85-9A91-D4B6176A3194}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{4BF2179A-A4BB-4E31-8804-F141E1CD74E7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5E3F7CBD-3AB4-45AE-B970-76B766E32D08}" = protocol=17 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{61D6F5A3-DAD3-4E8C-9CE5-63523CC49926}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{639B66E7-F57D-48A7-A8AA-09A2E8BB39CB}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{6A8B8CE7-F5B2-45F2-90BC-03E065EE4A14}" = protocol=6 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{747C3ED2-E750-4E85-A57E-490BB56684BA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{78366228-6280-4C03-AFEC-A1258A7417E4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{903F8848-53EB-464A-8A81-B3D81AD5C75E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{919BBC3B-5038-443F-AC50-1340D574A185}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B112F1E7-4324-4CA2-ADEC-67A268695524}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9178524-23D8-4218-94C6-0F5E16AC63CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7234E07-012D-42D4-AF05-A6748696508A}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\powerdv.exe |
"{F17A4E2B-6CD5-407A-AE4F-490404224B91}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe |
"{F92F3B7D-937B-4CE2-AE67-C63A3EC4BEBC}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{FBB2C868-BE99-4B76-B0EF-E678BC7FFE09}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03148D0A-6C27-4204-AE01-CFA089D19618}" = HP Photosmart Plus B210 series Product Improvement Study
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi Software
"{3AF1FB80-21BD-4715-8EE2-AB77925519D9}" = PCsync
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6E5A0256-C1BB-4A4E-99CE-B87CC4383744}" = HP Photosmart Plus B210 series Basic Device Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B139DD51-C3F1-4583-98B4-D35F64EA847F}" = Windows Easy Transfer Companion (Beta)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDBC8703-AA18-491F-97BE-98D4543A901B}" = PCsync
"{DF3A077E-290A-4089-A446-5720F34D6946}" = Dolet Light for PrintMusic 2006
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"AcerOrbiCamDrv" = Acer Camera Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Crunchdeal" = Crunchdeal
"Digital Editions" = Adobe Digital Editions
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photo Creations" = HP Photo Creations
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"jZip" = jZip
"Lexmark 5200 Series" = Lexmark 5200 Series
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.0
"Musicnotes Player" = Musicnotes Player
"N360" = Norton 360
"ProInst" = Intel PROSet Wireless
"RealPlayer 6.0" = RealPlayer
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Spyware Doctor" = Spyware Doctor 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TTB000001.TTB000001Toolbar" = CouponBar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-443608138-2410991361-87084391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Smad" = SanctionedMedia
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/14/2012 12:47:01 PM | Computer Name = Greg-Brady | Source = EventSystem | ID = 4609
Description =
Error - 2/14/2012 1:01:20 PM | Computer Name = Greg-Brady | Source = LoadPerf | ID = 3013
Description =
Error - 2/14/2012 1:01:21 PM | Computer Name = Greg-Brady | Source = LoadPerf | ID = 3011
Description =
Error - 2/14/2012 1:01:28 PM | Computer Name = Greg-Brady | Source = LoadPerf | ID = 3013
Description =
Error - 2/14/2012 1:01:28 PM | Computer Name = Greg-Brady | Source = LoadPerf | ID = 3009
Description =
Error - 2/14/2012 1:10:42 PM | Computer Name = Greg-Brady | Source = EventSystem | ID = 4609
Description =
Error - 2/14/2012 1:25:12 PM | Computer Name = Greg-Brady | Source = EventSystem | ID = 4609
Description =
Error - 2/14/2012 1:29:23 PM | Computer Name = Greg-Brady | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module d3d10_1.dll_unloaded, version 0.0.0.0, time stamp 0x4d385de6,
exception code 0xc0000005, fault offset 0x715563ad, process id 0x65c, application
start time 0x01cceb3d954666de.
Error - 2/14/2012 1:29:40 PM | Computer Name = Greg-Brady | Source = EventSystem | ID = 4609
Description =
Error - 2/14/2012 1:44:01 PM | Computer Name = Greg-Brady | Source = EventSystem | ID = 4609
Description =
[ Media Center Events ]
Error - 5/25/2008 9:20:14 AM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 7/31/2008 7:35:51 PM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 8/21/2008 7:13:09 PM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 8/28/2008 7:01:22 PM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 8/30/2008 11:16:43 AM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 2/25/2009 6:51:21 AM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 6/19/2009 6:51:09 PM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 10/7/2009 5:55:51 PM | Computer Name = Greg-Brady | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 6/3/2010 7:47:52 PM | Computer Name = Greg-Brady | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 7/12/2011 6:00:37 AM | Computer Name = Greg-Brady | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ OSession Events ]
Error - 6/17/2009 11:58:40 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/16/2009 12:48:34 AM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 316937
seconds with 5340 seconds of active time. This session ended with a crash.
Error - 4/13/2010 8:06:29 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 162
seconds with 120 seconds of active time. This session ended with a crash.
Error - 7/22/2010 2:45:09 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 19752
seconds with 540 seconds of active time. This session ended with a crash.
Error - 8/3/2010 8:35:15 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 2723
seconds with 360 seconds of active time. This session ended with a crash.
Error - 8/22/2010 12:02:14 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/7/2010 7:33:51 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 106
seconds with 60 seconds of active time. This session ended with a crash.
Error - 12/17/2010 7:27:00 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 157845
seconds with 1020 seconds of active time. This session ended with a crash.
Error - 1/30/2011 3:24:21 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 413255
seconds with 5340 seconds of active time. This session ended with a crash.
Error - 6/20/2011 9:51:20 PM | Computer Name = Greg-Brady | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 123687
seconds with 9600 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 2/14/2012 1:43:51 PM | Computer Name = Greg-Brady | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 2/14/2012 1:43:54 PM | Computer Name = Greg-Brady | Source = DCOM | ID = 10005
Description =
Error - 2/14/2012 1:44:01 PM | Computer Name = Greg-Brady | Source = DCOM | ID = 10005
Description =
Error - 2/14/2012 1:44:02 PM | Computer Name = Greg-Brady | Source = DCOM | ID = 10005
Description =
Error - 2/14/2012 1:44:20 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7001
Description =
Error - 2/14/2012 1:44:20 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7003
Description =
Error - 2/14/2012 1:44:20 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7003
Description =
Error - 2/14/2012 1:44:20 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7003
Description =
Error - 2/14/2012 1:44:20 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7026
Description =
Error - 2/14/2012 1:45:35 PM | Computer Name = Greg-Brady | Source = Service Control Manager | ID = 7001
Description =
< End of report >