HIJACK This - Log File Post [Closed]


  • This topic is locked

#1
hawaiianbrian410

I have an HP AMD Quad Core. I installed a new video card a few backs since it was using the integrated graphics. Recently (this may be related, I haven't verified yet) my processes seem to take up 100% of the CPU power on 3 of the 4 CPUs at the same time. It varies across which CPUs but it is killing my machine. A co-worker suggested I run Hijack This and then post the log on here to see if there was anyone much smarter than me that could help me figure this out.

Any help would be immensely appreciated:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:58 PM, on 5/2/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Tools\Web Tools\Xmarks\IE Extension\xmarkssync.exe
C:\Program Files (x86)\Security\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Multimedia\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Multimedia\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
C:\Program Files (x86)\Verizon\McciBrowser.exe
C:\Program Files (x86)\Tools\Web Tools\Mozilla\Firefox\firefox.exe
C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe
C:\Program Files (x86)\Security\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Verizon\McciBrowser.exe
C:\Program Files (x86)\Security\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...a...&tbid=60426
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\Security\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\PRODUC~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Tools\Web Tools\Java\bin\jp2ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\Security\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Productivity\Microsoft Office 2010\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Productivity\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\Multimedia\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\Multimedia\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\Security\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Orb] "C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Xmarks] C:\Program Files (x86)\Tools\Web Tools\Xmarks\IE Extension\xmarkssync.exe -q
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Security\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
O4 - Global Startup: OfficeSAS.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files (x86)\Multimedia\PHOTOfunSTUDIO\PhAutoRun.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\PRODUC~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\PRODUC~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\PRODUC~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Productivity\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Productivity\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\PRODUC~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Tools\Web Tools\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Tools\Web Tools\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Productivity\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\Security\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\Security\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\Security\AVG\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files (x86)\Security\IObit\IObit Security 360\IS360srv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Security\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Zimbra Desktop Service - Unknown owner - C:\Users\Brian\AppData\Local\Zimbra\zdesktop\zdesktop.exe

--
End of file - 13162 bytes

#2
Gammo

Hi hawaiianbrian410,

Welcome to Geeks to Go! My name is Gammo and I will be helping you fix your computer problem.
If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again.

I need some more information first. :)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL
We don't use HijackThis anymore. OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

#3
hawaiianbrian410

Thank you for the reply.

When I click on the gmer.exe I get the following error message:

C:\Windows\system32\config\system: The system cannot find the file specified.

When I ran the gmer scan the message was that "No file modifications were found" and the ark.txt file is blank.

The results of the OTL scan are as follows:

OTL.txt
OTL logfile created on: 5/5/2010 12:54:05 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Brian\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 382.34 Gb Free Space | 55.81% Space Free | Partition Type: NTFS
Drive D: | 13.41 Gb Total Space | 1.49 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 931.28 Gb Total Space | 890.75 Gb Free Space | 95.65% Space Free | Partition Type: FAT32

Computer Name: HOMER
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/05 12:53:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
PRC - [2010/04/29 18:34:53 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Security\Spyware Terminator\sp_rsser.exe
PRC - [2010/04/21 09:57:39 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\Security\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 01:07:04 | 002,374,096 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Crawler\Toolbar\CToolbar.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 16:53:24 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2010/03/17 08:47:22 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\Security\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 08:46:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\Security\AVG\AVG9\avgemc.exe
PRC - [2010/03/17 08:46:56 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\Security\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files (x86)\Security\IObit\IObit Security 360\is360srv.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/08/27 17:08:28 | 000,139,264 | ---- | M] () -- C:\Users\Brian\AppData\Local\Zimbra\zdesktop\zdesktop.exe
PRC - [2008/07/11 09:22:58 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
PRC - [2008/05/27 09:36:20 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
PRC - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 12:53:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/28 03:01:44 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/09/26 04:28:30 | 004,924,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV:64bit: - [2009/07/30 04:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/03/30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/04/29 18:34:53 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Security\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/17 08:47:22 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\Security\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 08:46:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\Security\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\Security\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/27 17:08:28 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Users\Brian\AppData\Local\Zimbra\zdesktop\zdesktop.exe -- (Yahoo! Zimbra Desktop Service)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Productivity\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/11 09:22:58 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/21 09:57:34 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/03/17 08:47:26 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/03/17 08:46:57 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/02/05 18:05:09 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/09/22 21:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 21:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 21:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/30 14:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/16 05:20:26 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 09:53:32 | 000,716,288 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/05/18 22:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/08/25 15:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/01/31 13:49:45 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 09:50:10 | 000,022,784 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 3C F2 0D 21 E7 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2010/04/29 18:35:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Tools\Web Tools\Mozilla\Firefox\components [2010/04/16 08:48:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Tools\Web Tools\Mozilla\Firefox\plugins [2010/04/24 14:43:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\Security\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\Security\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Productivity\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Tools\Web Tools\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\Security\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Productivity\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Productivity\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\Security\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKCU..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Security\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [Xmarks] C:\Program Files (x86)\Tools\Web Tools\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Productivity\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Productivity\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Productivity\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Productivity\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Productivity\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Productivity\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Productivity\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\Security\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Productivity\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\Security\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - L:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/05 12:52:59 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2010/05/05 11:22:41 | 000,000,000 | ---D | C] -- C:\Users\Brian\Desktop\gmer
[2010/05/01 11:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/04/29 18:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2010/04/29 18:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010/04/28 03:17:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/04/28 03:17:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/04/22 20:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/04/22 20:38:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/04/22 20:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/04/16 08:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/16 08:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/16 08:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/16 08:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/04/16 08:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/16 08:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/16 08:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/04/13 16:05:18 | 000,000,000 | --SD | C] -- C:\Users\Brian\Documents\My Shapes
[2010/04/04 22:53:19 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\Financial
[2010/03/24 11:28:36 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\Outlook Files
[2010/03/24 08:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/03/24 08:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/03/24 08:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/03/24 08:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/03/23 20:47:15 | 000,000,000 | ---D | C] -- C:\Users\Brian\Tracing
[2010/03/18 17:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2010/03/18 17:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
[2010/03/18 17:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2010/03/18 17:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/03/18 17:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/03/17 08:47:26 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/03/17 08:46:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/03/07 16:22:23 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\TurboTax
[2010/03/07 16:08:24 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\IsolatedStorage
[2010/03/07 16:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2010/03/07 11:33:18 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Xmarks
[2010/03/02 00:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2010/02/28 19:33:28 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Diagnostics
[2010/02/28 10:52:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/20 20:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2010/02/19 16:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2010/02/10 15:04:27 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\MediaMonkey
[2010/02/10 08:59:33 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\NasNavi
[2010/02/07 20:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2010/02/07 20:19:49 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Programs
[2010/02/07 19:44:25 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\ArcSoft
[2010/02/07 19:42:25 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2010/02/07 19:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2010/02/07 19:42:21 | 000,126,976 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MediaImpression Slideshow.scr
[2010/02/07 19:41:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MediaImpression Slideshow
[2010/02/07 19:39:20 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysWow64\bgsvcgen.exe
[2010/02/07 19:39:20 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysWow64\GenSvcInst.exe
[2010/02/07 19:39:20 | 000,039,208 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys
[2010/02/07 19:38:47 | 000,045,056 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\Windows\SysWow64\PhDi2.sys
[2010/02/06 23:04:09 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\Vuze Downloads
[2010/02/06 23:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2010/02/06 22:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/02/06 22:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/02/06 22:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/02/06 22:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/02/06 22:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/02/06 22:07:27 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/02/06 22:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/02/06 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/02/06 22:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/02/06 22:02:51 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/02/06 22:02:51 | 000,000,000 | RH-D | C] -- \MSOCache
[2010/02/06 21:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2010/02/06 17:10:24 | 001,003,008 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2010/02/06 17:10:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/02/06 17:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/02/06 17:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/02/06 17:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/02/06 17:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/02/06 17:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2010/02/06 17:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/02/06 16:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/02/06 16:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/02/06 16:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/02/05 18:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Stub Installer
[2010/02/05 18:06:20 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\MagicSoftware
[2010/02/05 18:05:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/02/05 09:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/02/05 09:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

========== Files - Modified Within 90 Days ==========

[2010/05/05 12:57:57 | 006,029,312 | -HS- | M] () -- C:\Users\Brian\NTUSER.DAT
[2010/05/05 12:53:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2010/05/05 12:52:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/05 12:07:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/05 11:22:17 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/05 11:22:17 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/05 11:19:41 | 000,284,915 | ---- | M] () -- C:\Users\Brian\Desktop\gmer.zip
[2010/05/05 11:16:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/05 11:14:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/05 11:14:15 | 1939,922,943 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/05 08:09:51 | 059,590,935 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/05/04 05:58:20 | 003,832,566 | -H-- | M] () -- C:\Users\Brian\AppData\Local\IconCache.db
[2010/05/02 12:46:20 | 000,003,039 | ---- | M] () -- C:\Users\Brian\Desktop\HiJackThis.lnk
[2010/04/29 19:44:09 | 000,003,584 | ---- | M] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 19:43:26 | 000,002,835 | ---- | M] () -- C:\Users\Public\Desktop\Verizon Media Manager.lnk
[2010/04/29 18:34:53 | 000,142,592 | ---- | M] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2010/04/29 17:18:56 | 000,007,605 | ---- | M] () -- C:\Users\Brian\AppData\Local\Resmon.ResmonCfg
[2010/04/29 16:23:49 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/24 14:43:41 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/24 14:43:41 | 000,616,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/24 14:43:41 | 000,104,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/24 14:43:17 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/24 12:08:01 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/04/22 20:38:26 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/04/21 09:57:34 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/04/13 00:33:58 | 000,012,922 | ---- | M] () -- C:\Users\Brian\Documents\closing_downpayment.xlsx
[2010/04/08 22:21:21 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/04/05 23:57:27 | 000,112,128 | ---- | M] () -- C:\Users\Brian\Documents\Mozart Case Test Worksheet - 04.05.10.xls
[2010/04/05 23:54:24 | 000,112,128 | ---- | M] () -- C:\Users\Brian\Documents\Mozart Case Test Worksheet.xls
[2010/04/05 23:54:24 | 000,112,128 | ---- | M] () -- C:\Users\Brian\Documents\Mozart Case Test Worksheet - Copy.xls
[2010/04/05 22:58:24 | 001,008,074 | ---- | M] () -- C:\Users\Brian\Documents\ProcessManager_04052010-100700.xml
[2010/04/05 21:46:54 | 000,021,504 | ---- | M] () -- C:\Users\Brian\Documents\Mozart Case Test Worksheet - Quick App.xls
[2010/03/27 13:34:12 | 000,943,616 | ---- | M] () -- C:\Users\Public\Documents\Correspondent_Loan_Data_-_614(1).xls
[2010/03/27 13:34:08 | 003,407,872 | ---- | M] () -- C:\Users\Brian\Documents\GMAC Loan Data.accdb
[2010/03/26 19:59:09 | 000,014,553 | ---- | M] () -- C:\Users\Brian\Documents\Word Doc Template.docx
[2010/03/24 15:52:25 | 000,120,323 | ---- | M] () -- C:\Users\Brian\Documents\Project 2010 - Product Key.pdf
[2010/03/24 15:27:31 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/03/24 15:19:08 | 000,079,869 | ---- | M] () -- C:\Users\Brian\Documents\Visio 2010 Product Key.pdf
[2010/03/24 15:18:49 | 000,116,640 | ---- | M] () -- C:\Users\Brian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/24 11:25:23 | 000,441,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/24 08:44:22 | 000,001,178 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
[2010/03/24 08:43:49 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/03/24 08:20:41 | 000,120,835 | ---- | M] () -- C:\Users\Brian\Documents\Office 2010 Beta - Product Key.pdf
[2010/03/23 20:40:59 | 000,002,529 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2010/03/22 06:07:24 | 000,029,696 | ---- | M] () -- C:\Users\Brian\Documents\Rule Process Flow.xls
[2010/03/17 08:47:26 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/03/17 08:47:26 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/03/17 08:46:57 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/03/15 22:07:32 | 000,030,720 | ---- | M] () -- C:\Users\Brian\Documents\FHA Project Tasks.xls
[2010/03/15 21:48:35 | 000,016,214 | ---- | M] () -- C:\Users\Brian\Documents\test case sample.xlsx
[2010/03/13 15:06:13 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/07 17:35:17 | 000,035,840 | ---- | M] () -- C:\Users\Brian\test worksheet.xls
[2010/03/07 16:09:40 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/03/02 21:11:45 | 000,010,452 | ---- | M] () -- C:\Users\Public\Documents\gradys menu.docx
[2010/02/28 10:52:34 | 458,412,419 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/19 16:04:31 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/02/19 16:04:29 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini
[2010/02/15 23:54:20 | 003,848,192 | ---- | M] () -- C:\Users\Public\Documents\FHLMC Pricing Test Case Template_021510.doc
[2010/02/09 18:41:16 | 000,008,342 | ---- | M] () -- C:\Users\Public\Documents\Book1.xlsx
[2010/02/07 19:42:29 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Panorama Maker 4.lnk
[2010/02/07 19:42:25 | 000,002,516 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2010/02/07 19:40:28 | 000,002,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
[2010/02/06 22:55:07 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/02/06 18:42:50 | 000,001,304 | ---- | M] () -- C:\Users\Brian\Desktop\AVS4YOU Software Navigator.lnk
[2010/02/05 18:05:09 | 000,082,816 | ---- | M] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys

========== Files Created - No Company Name ==========

[2010/05/05 11:19:27 | 000,284,915 | ---- | C] () -- C:\Users\Brian\Desktop\gmer.zip
[2010/05/02 12:46:20 | 000,003,039 | ---- | C] () -- C:\Users\Brian\Desktop\HiJackThis.lnk
[2010/04/29 19:44:08 | 000,003,584 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 19:43:26 | 000,002,835 | ---- | C] () -- C:\Users\Public\Desktop\Verizon Media Manager.lnk
[2010/04/29 18:34:53 | 000,142,592 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2010/04/29 16:23:49 | 000,002,290 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/24 14:43:17 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/24 12:08:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/22 20:38:26 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/04/18 18:47:47 | 000,091,648 | ---- | C] () -- C:\Users\Brian\Documents\Monthly Bill Tracker_12.29.08.xls
[2010/04/16 08:36:50 | 000,007,605 | ---- | C] () -- C:\Users\Brian\AppData\Local\Resmon.ResmonCfg
[2010/04/12 22:46:26 | 000,012,922 | ---- | C] () -- C:\Users\Brian\Documents\closing_downpayment.xlsx
[2010/04/08 22:21:20 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/05 23:58:18 | 000,112,128 | ---- | C] () -- C:\Users\Brian\Documents\Mozart Case Test Worksheet - Copy.xls
[2010/04/05 23:57:25 | 000,112,128 | ---- | C] () -- C:\Users\Brian\Documents\Mozart Case Test Worksheet - 04.05.10.xls
[2010/04/05 22:58:16 | 001,008,074 | ---- | C] () -- C:\Users\Brian\Documents\ProcessManager_04052010-100700.xml
[2010/04/05 18:46:26 | 000,112,128 | ---- | C] () -- C:\Users\Brian\Documents\Mozart Case Test Worksheet.xls
[2010/04/05 18:46:24 | 000,021,504 | ---- | C] () -- C:\Users\Brian\Documents\Mozart Case Test Worksheet - Quick App.xls
[2010/03/27 10:57:07 | 000,943,616 | ---- | C] () -- C:\Users\Public\Documents\Correspondent_Loan_Data_-_614(1).xls
[2010/03/27 10:56:36 | 003,407,872 | ---- | C] () -- C:\Users\Brian\Documents\GMAC Loan Data.accdb
[2010/03/26 19:59:09 | 000,014,553 | ---- | C] () -- C:\Users\Brian\Documents\Word Doc Template.docx
[2010/03/24 15:52:25 | 000,120,323 | ---- | C] () -- C:\Users\Brian\Documents\Project 2010 - Product Key.pdf
[2010/03/24 15:19:08 | 000,079,869 | ---- | C] () -- C:\Users\Brian\Documents\Visio 2010 Product Key.pdf
[2010/03/24 08:44:22 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
[2010/03/24 08:20:41 | 000,120,835 | ---- | C] () -- C:\Users\Brian\Documents\Office 2010 Beta - Product Key.pdf
[2010/03/23 20:40:59 | 000,002,529 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2010/03/19 12:05:51 | 000,029,696 | ---- | C] () -- C:\Users\Brian\Documents\Rule Process Flow.xls
[2010/03/15 21:48:35 | 000,016,214 | ---- | C] () -- C:\Users\Brian\Documents\test case sample.xlsx
[2010/03/13 15:06:13 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/11 12:32:34 | 000,030,720 | ---- | C] () -- C:\Users\Brian\Documents\FHA Project Tasks.xls
[2010/03/07 16:09:40 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/03/07 09:26:56 | 000,035,840 | ---- | C] () -- C:\Users\Brian\test worksheet.xls
[2010/03/02 21:11:45 | 000,010,452 | ---- | C] () -- C:\Users\Public\Documents\gradys menu.docx
[2010/02/28 10:52:34 | 458,412,419 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/19 16:04:31 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/02/19 16:04:29 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll
[2010/02/15 23:51:58 | 003,848,192 | ---- | C] () -- C:\Users\Public\Documents\FHLMC Pricing Test Case Template_021510.doc
[2010/02/09 18:41:16 | 000,008,342 | ---- | C] () -- C:\Users\Public\Documents\Book1.xlsx
[2010/02/07 19:42:29 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 4.lnk
[2010/02/07 19:42:25 | 000,002,516 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2010/02/07 19:40:28 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
[2010/02/07 19:40:24 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/02/07 19:40:24 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/02/07 19:40:24 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/02/07 19:40:24 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/02/07 19:40:24 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/02/07 19:40:24 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/02/07 19:40:24 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/02/07 19:40:24 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2010/02/07 19:40:24 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/02/07 19:40:24 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg
[2010/02/07 19:40:24 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg
[2010/02/07 19:40:24 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2010/02/07 19:40:24 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg
[2010/02/07 19:40:24 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2010/02/07 19:40:24 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg
[2010/02/07 19:40:24 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg
[2010/02/07 19:40:24 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/02/07 19:40:24 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg
[2010/02/07 19:40:24 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg
[2010/02/07 19:40:24 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/02/07 19:40:24 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/02/07 19:40:24 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/02/07 19:40:24 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/02/07 19:40:24 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/02/07 19:40:24 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/02/07 19:40:24 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/02/07 19:40:24 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/02/07 19:40:24 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/02/07 19:40:24 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/02/07 19:40:23 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2010/02/07 19:40:23 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2010/02/07 19:40:23 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2010/02/06 22:55:07 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/02/06 18:40:54 | 000,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx
[2010/02/06 17:05:07 | 000,001,304 | ---- | C] () -- C:\Users\Brian\Desktop\AVS4YOU Software Navigator.lnk
[2010/02/02 21:12:35 | 000,000,141 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/07/30 21:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/07/28 12:06:48 | 000,014,344 | ---- | C] () -- C:\Windows\UN060501.INI
[2008/01/31 05:18:34 | 000,005,404 | ---- | C] () -- C:\Windows\UN070209.INI

========== LOP Check ==========

[2009/07/14 01:08:49 | 000,018,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/01/31 13:47:11 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/05/05 11:14:15 | 1939,922,943 | -HS- | M] () -- C:\hiberfil.sys
[2005/09/23 04:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/05/05 11:14:22 | 4018,221,055 | -HS- | M] () -- C:\pagefile.sys
[2008/11/14 07:04:13 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log
[2009/12/25 21:29:06 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009/08/29 02:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 18:34:53 | 000,142,592 | ---- | M] () -- C:\Windows\SysWOW64\drivers\sp_rsdrv2.sys

< >

< >
< End of report >


Extras.txt

OTL Extras logfile created on: 5/5/2010 12:54:05 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Brian\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 382.34 Gb Free Space | 55.81% Space Free | Partition Type: NTFS
Drive D: | 13.41 Gb Total Space | 1.49 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 931.28 Gb Total Space | 890.75 Gb Free Space | 95.65% Space Free | Partition Type: FAT32

Computer Name: HOMER
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Tools\Web Tools\Mozilla\Firefox\firefox.exe (Mozilla Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Tools\Web Tools\Mozilla\Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Tools\Web Tools\Mozilla\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Productivity\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Productivity\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Tools\Web Tools\Mozilla\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Tools\Web Tools\Mozilla\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\Multimedia\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\Multimedia\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\Multimedia\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\PRODUC~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Multimedia\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Multimedia\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Multimedia\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Productivity\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Productivity\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Tools\Web Tools\Mozilla\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Tools\Web Tools\Mozilla\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\Multimedia\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\Multimedia\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\Multimedia\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\PRODUC~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Multimedia\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Multimedia\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Multimedia\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{20140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 (Beta)
"{20140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 (Beta)
"{20140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Beta)
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 (Beta)
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25140000-0048-0409-0000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 32-bit (Beta)
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{376FA830-EAA2-012B-AD6B-000000000000}" = TurboTax 2009 whiiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39940ED0-EAA2-012B-ADF1-000000000000}" = TurboTax 2009 wmdiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D26C5D1-754D-4F42-AFAF-F7DDDD61B738}" = Verizon Media Manager
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E590A51C-4303-4A28-99DB-799FE1E25E0D}" = Xmarks for IE
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Audio Editor_is1" = AVS Audio Editor version 5.2
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS DVD Copy_is1" = AVS DVD Copy version 3.1
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.20
"AVS Image Converter_is1" = AVS Image Converter 1.1.3.71
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Registry Cleaner 1.1_is1" = AVS Registry Cleaner version 1.1
"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6
"AVS Slideshow Maker Beta_is1" = AVS Slideshow Maker
"AVS SystemInfo_is1" = AVS System Info
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVS4YOU Video Editor 4_is1" = AVS Video Editor 4
"AVS4YOU Video ReMaker_is1" = AVS Video ReMaker 2.4
"AVSCoverEditor_AVS4YOU_is1" = AVS Cover Editor 1.3.1.96 (AVS4YOU)
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.0.68
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"ENTERPRISE" = Microsoft Office Enterprise 2007
"IObit Security 360_is1" = IObit Security 360
"Magic DVD Copier_is1" = Magic DVD Copier Version 4.9.3
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2
"MediaMonkey_is1" = MediaMonkey 3.2
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio 2010
"Orb" = Winamp Remote
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Spyware Terminator_is1" = Spyware Terminator
"TurboTax 2009" = TurboTax 2009
"UN060501" = BUFFALO NAS Navigator
"UN070209" = Uninstall of File Security Tool
"Verizon Help and Support" = Verizon Help and Support Tool
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"XML Marker_is1" = XML Marker version 1.1
"Yahoo! Zimbra Desktop 1.0.3" = Yahoo! Zimbra Desktop 1.0.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2010 8:53:11 PM | Computer Name = Homer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13026

Error - 5/4/2010 8:53:12 PM | Computer Name = Homer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/4/2010 8:53:12 PM | Computer Name = Homer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14024

Error - 5/4/2010 8:53:12 PM | Computer Name = Homer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14024

Error - 5/4/2010 10:27:02 PM | Computer Name = Homer | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x8898009b)

Error - 5/4/2010 10:27:11 PM | Computer Name = Homer | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x8898009b)

Error - 5/5/2010 12:31:00 AM | Computer Name = Homer | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/5/2010 12:32:25 AM | Computer Name = Homer | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/5/2010 12:52:00 PM | Computer Name = Homer | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x8898009b)

Error - 5/5/2010 12:52:01 PM | Computer Name = Homer | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x8898009b)

[ Media Center Events ]
Error - 4/26/2010 7:44:15 PM | Computer Name = Homer | Source = MCUpdate | ID = 0
Description = 7:44:15 PM - Error connecting to the internet. 7:44:15 PM - Unable
to contact server..

Error - 4/26/2010 7:44:30 PM | Computer Name = Homer | Source = MCUpdate | ID = 0
Description = 7:44:20 PM - Error connecting to the internet. 7:44:20 PM - Unable
to contact server..

Error - 4/26/2010 8:44:37 PM | Computer Name = Homer | Source = MCUpdate | ID = 0
Description = 8:44:37 PM - Error connecting to the internet. 8:44:37 PM - Unable
to contact server..

Error - 4/26/2010 8:44:43 PM | Computer Name = Homer | Source = MCUpdate | ID = 0
Description = 8:44:42 PM - Error connecting to the internet. 8:44:42 PM - Unable
to contact server..

Error - 4/26/2010 9:44:49 PM | Computer Name = Homer | Source = MCUpdate | ID = 0
Description = 9:44:49 PM - Error connecting to the internet. 9:44:49 PM - Unable
to contact server..

Error - 4/26/2010 9:44:56 PM | Computer Name = Homer | Source = MCUpdate | ID = 0
Description = 9:44:54 PM - Error connecting to the internet. 9:44:54 PM - Unable
to contact server..

Error - 4/26/2010 10:45:02 PM | Computer Name = Homer | Source = MCUpdate | ID = 0
Description = 10:45:02 PM - Error connecting to the internet. 10:45:02 PM - Unable
to contact server..

Error - 4/26/2010 10:45:08 PM | Computer Name = Homer | Source = MCUpdate | ID = 0
Description = 10:45:07 PM - Error connecting to the internet. 10:45:07 PM - Unable
to contact server..

Error - 4/27/2010 4:46:25 AM | Computer Name = Homer | Source = MCUpdate | ID = 0
Description = 4:46:25 AM - Error connecting to the internet. 4:46:25 AM - Unable
to contact server..

Error - 4/27/2010 4:46:31 AM | Computer Name = Homer | Source = MCUpdate | ID = 0
Description = 4:46:30 AM - Error connecting to the internet. 4:46:30 AM - Unable
to contact server..

[ System Events ]
Error - 5/1/2010 11:30:16 AM | Computer Name = Homer | Source = Application Popup | ID = 1060
Description = \??\C:\ProgramData\Spyware Terminator\FileObjInfo.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 5/3/2010 11:15:34 AM | Computer Name = Homer | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 5/3/2010 11:15:34 AM | Computer Name = Homer | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 5/4/2010 7:47:47 PM | Computer Name = Homer | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 5/4/2010 7:47:47 PM | Computer Name = Homer | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 5/4/2010 10:27:03 PM | Computer Name = Homer | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 5/5/2010 11:14:33 AM | Computer Name = Homer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:37:13 AM on 5/5/2010 was unexpected.

Error - 5/5/2010 11:14:32 AM | Computer Name = Homer | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 5/5/2010 11:14:32 AM | Computer Name = Homer | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 5/5/2010 12:51:59 PM | Computer Name = Homer | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

#4
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2010/04/29 18:35:18 | 000,000,000 | ---D | M]
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - L:\autorun.inf -- [ FAT32 ]
    [2010/04/29 18:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#5
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.