Certain programs not opening/windows explorer not responding



#1
sckathryn

I am not sure if I have a virus or not that is making this happen. My computer seems to be running fine, but I do have an issue with certain programs not opening. I have WordPerfect and Firefox not wanting to open. I will click on the icon and it will just sit there and try to load. Also, the exe file is open in the task manager, but the program is just not opening.

I'll be happy to post this elsewhere if this is not a virus/malware issue.

Thanks in advance so much!

ETA: I also have just installed a new printer. In the task manager, it says brstswnd.exe, which I thought was my Brother printer. Now, after I googled it, it seems like it might be something else.

Sorry, I'm adding my OTL log now...

OTL logfile created on: 8/18/2011 3:46:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\kat\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 47.83% Memory free
3.75 Gb Paging File | 2.16 Gb Available in Paging File | 57.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32.52 Gb Total Space | 3.21 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
Drive D: | 32.25 Gb Total Space | 11.06 Gb Free Space | 34.29% Space Free | Partition Type: NTFS
Drive E: | 627.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATHRYN | User Name: kat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/18 15:38:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\kat\Desktop\OTL.exe
PRC - [2011/08/18 14:57:08 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\kat\AppData\Local\temp\RtkBtMnt.exe
PRC - [2011/01/30 11:45:14 | 001,306,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2010/02/09 16:17:54 | 000,139,264 | R--- | M] () -- C:\Program Files\MioNet\MioNetManager.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/05 17:56:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/16 22:23:34 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/07/16 21:03:26 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/07/16 07:50:30 | 000,181,544 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer3\TeamViewer_Host.exe
PRC - [2008/07/09 23:38:22 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgr.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 03:38:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2008/01/08 09:28:02 | 000,864,256 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2007/08/03 11:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2007/07/12 00:22:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\MioNet\jvm\bin\MioNet.exe
PRC - [2007/04/24 22:17:34 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/03/20 15:22:06 | 000,114,344 | ---- | M] ( ) -- C:\Program Files\Maxtor\Utils\SyncServices.exe
PRC - [2007/02/27 17:57:48 | 000,716,456 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\ManagerApp\OneTouch.exe
PRC - [2007/02/09 09:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/02/08 13:40:00 | 000,013,312 | ---- | M] (HiTRUST co.) -- C:\Acer\Empowering Technology\eDSMSNfix.exe
PRC - [2007/02/07 03:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/02/07 03:04:16 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/01/31 21:18:42 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/01/26 17:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007/01/24 13:27:42 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/01/10 19:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/09 08:02:08 | 000,483,328 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2007/01/02 12:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006/12/28 23:07:22 | 000,724,992 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2006/12/28 23:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006/12/22 17:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/12/01 01:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 10:19:11 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
MOD - [2011/08/17 10:17:29 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1cc11918d8dd561391bba05c61de7573\System.ServiceProcess.ni.dll
MOD - [2011/08/17 10:17:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/17 10:16:56 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/17 10:16:53 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/17 10:16:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/08/17 10:16:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/17 10:16:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/17 10:06:40 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/17 10:06:33 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/02/09 16:20:52 | 000,081,920 | R--- | M] () -- C:\Program Files\MioNet\WindowSourceDll2.dll
MOD - [2010/02/09 16:19:50 | 000,036,864 | R--- | M] () -- C:\Program Files\MioNet\WindowsUtil.dll
MOD - [2010/02/09 16:19:20 | 000,028,672 | R--- | M] () -- C:\Program Files\MioNet\RegistryDll.dll
MOD - [2010/02/09 16:19:06 | 000,045,056 | R--- | M] () -- C:\Program Files\MioNet\TrayIconDll.dll
MOD - [2009/03/23 21:30:33 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2007/04/24 22:17:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007/04/24 22:17:18 | 000,131,072 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007/04/24 22:17:08 | 000,966,656 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007/04/24 22:16:58 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007/02/07 02:56:30 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007/02/07 02:52:08 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007/01/31 21:18:16 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2007/01/24 13:27:40 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2007/01/24 13:27:24 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007/01/10 16:23:10 | 000,245,760 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007/01/08 16:08:56 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/12/28 23:07:24 | 000,339,968 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNMWidget.dll
MOD - [2006/12/28 23:07:22 | 000,237,568 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2006/12/22 19:37:30 | 000,724,992 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2006/09/04 13:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2006/08/04 12:44:12 | 000,331,776 | ---- | M] () -- C:\Acer\Empowering Technology\scrollbarlib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (81F88EAC)
SRV - [2010/02/09 16:17:54 | 000,139,264 | R--- | M] () [Auto | Running] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Start_Pending] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/05 17:56:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/16 21:03:26 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/16 07:50:30 | 000,181,544 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer3\TeamViewer_Host.exe -- (TeamViewer)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/24 22:17:34 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/03/20 15:22:06 | 000,114,344 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)
SRV - [2007/02/07 03:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/31 21:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/01/26 17:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/02 12:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/28 23:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/22 17:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_000.sys -- (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/02/09 16:18:48 | 000,020,480 | R--- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisrd.sys -- (Ndisrd)
DRV - [2009/12/08 13:06:23 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/02 15:13:26 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/02/18 23:58:02 | 000,691,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/01/08 16:16:50 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/28 20:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/12 22:02:00 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/11/12 22:02:00 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/11/12 22:02:00 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/11/02 03:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/04/06 14:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2002/09/06 12:08:00 | 000,016,896 | ---- | M] (First International Digital, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ir100.sys -- (ir100)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 10:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 10:51:18 | 000,000,000 | ---D | M]

[2010/11/17 16:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/12 18:19:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/04/12 18:19:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/11/16 19:01:37 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe (HiTRUST co.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mercerhrs.com ([ibenefitcenter] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOOGLEDESKTOPNETWORK3.DLL) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\SYSTEM32\ENETHOOK.DLL) - C:\Windows\System32\eNetHook.dll (acer)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOOGLEDESKTOPNETWORK3.DLL) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\SYSTEM32\ENETHOOK.DLL) - C:\Windows\System32\eNetHook.dll (acer)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOOGLEDESKTOPNETWORK3.DLL) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\SYSTEM32\ENETHOOK.DLL) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\kat\Pictures\254792005306_0_ALB.jpg
O24 - Desktop BackupWallPaper: C:\Users\kat\Pictures\254792005306_0_ALB.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/20 01:14:28 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{bf9bfb30-0248-11dc-8c0b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9bfb30-0248-11dc-8c0b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2010/04/01 04:40:27 | 002,052,921 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{d36fcd9b-ef64-11de-ac12-001b24329bdb}\Shell\AutoRun\command - "" = F:\install.bat
O33 - MountPoints2\{ef68143d-2c46-11df-a477-001b24329bdb}\Shell - "" = AutoRun
O33 - MountPoints2\{ef68143d-2c46-11df-a477-001b24329bdb}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\start.exe -- [2010/04/01 04:40:27 | 002,052,921 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 15:38:37 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\kat\Desktop\OTL.exe
[2011/08/17 10:02:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/14 22:36:43 | 000,000,000 | ---D | C] -- C:\Users\kat\Documents\movingweek
[2011/08/14 22:16:26 | 000,000,000 | ---D | C] -- C:\Brother
[2011/08/14 22:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2011/08/14 22:16:05 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2011/08/14 22:16:03 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL
[2011/08/14 22:15:59 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2011/08/14 22:15:59 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2011/08/14 22:15:59 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2011/08/14 22:15:59 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2007/05/14 14:42:54 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/03/16 09:18:48 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2011/08/18 15:38:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\kat\Desktop\OTL.exe
[2011/08/18 15:35:54 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/18 15:35:54 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/18 15:35:04 | 010,694,656 | R--- | M] () -- C:\Users\kat\Desktop\Bostrom reporting.QBW
[2011/08/18 15:35:04 | 000,851,968 | R--- | M] () -- C:\Users\kat\Desktop\Bostrom reporting.QBW.TLG
[2011/08/18 15:24:12 | 000,000,376 | ---- | M] () -- C:\Users\kat\Desktop\Bostrom reporting.QBW.nd
[2011/08/18 14:57:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 14:57:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 14:56:54 | 000,000,511 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/08/18 14:56:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/18 14:26:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/17 20:12:45 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/08/17 19:50:16 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{851913E1-76B5-4916-B2F4-A87DCD5A7737}.job
[2011/08/16 22:04:41 | 000,082,466 | ---- | M] () -- C:\Users\kat\Documents\youngkevin.wpd
[2011/08/14 22:18:30 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2011/08/14 10:28:52 | 000,006,499 | ---- | M] () -- C:\Users\kat\Documents\SCWCC JUDICIAL DEPARTMENTFULL COMMISSION CALL SHEETTime.wpd
[2011/08/07 13:55:48 | 000,707,072 | ---- | M] () -- C:\Users\kat\Desktop\Bostrom reporting (Portable).QBM
[2011/08/04 14:33:40 | 000,072,913 | ---- | M] () -- C:\Users\kat\Documents\young.wpd
[2011/08/04 13:46:47 | 000,062,548 | ---- | M] () -- C:\Users\kat\Documents\MICHNIAK.wpd
[2011/08/01 14:46:10 | 000,070,074 | ---- | M] () -- C:\Users\kat\Documents\MICHNIAKS.wpd
[2011/08/01 14:16:20 | 000,011,444 | ---- | M] () -- C:\Users\kat\Documents\tempoconsent.wpd
[2011/07/29 13:20:22 | 000,010,181 | ---- | M] () -- C:\Users\kat\Documents\REYESA.wpd
[2011/07/29 12:08:31 | 000,004,199 | ---- | M] () -- C:\Users\kat\Documents\july2011.kathrynbostrom.rtf
[2011/07/26 21:09:40 | 000,057,229 | ---- | M] () -- C:\Users\kat\Documents\UPTONR.wpd
[2011/07/26 13:51:19 | 000,057,651 | ---- | M] () -- C:\Users\kat\Documents\lowery.wpd
[2011/07/25 15:46:36 | 000,057,154 | ---- | M] () -- C:\Users\kat\Documents\STEWART.wpd
[2011/07/22 22:19:31 | 000,181,273 | ---- | M] () -- C:\Users\kat\Documents\ALLENS.wpd
[2011/07/19 16:17:21 | 000,057,575 | ---- | M] () -- C:\Users\kat\Documents\GARYM.wpd

========== Files Created - No Company Name ==========

[2011/08/14 22:18:30 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2011/08/14 22:16:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/08/14 22:16:01 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011/08/14 10:28:52 | 000,006,499 | ---- | C] () -- C:\Users\kat\Documents\SCWCC JUDICIAL DEPARTMENTFULL COMMISSION CALL SHEETTime.wpd
[2011/08/11 14:46:58 | 000,082,466 | ---- | C] () -- C:\Users\kat\Documents\youngkevin.wpd
[2011/08/07 13:59:41 | 000,851,968 | R--- | C] () -- C:\Users\kat\Desktop\Bostrom reporting.QBW.TLG
[2011/08/07 13:59:38 | 000,000,376 | ---- | C] () -- C:\Users\kat\Desktop\Bostrom reporting.QBW.nd
[2011/08/07 13:59:37 | 010,694,656 | R--- | C] () -- C:\Users\kat\Desktop\Bostrom reporting.QBW
[2011/08/07 13:55:41 | 000,707,072 | ---- | C] () -- C:\Users\kat\Desktop\Bostrom reporting (Portable).QBM
[2011/08/01 14:47:00 | 000,062,548 | ---- | C] () -- C:\Users\kat\Documents\MICHNIAK.wpd
[2011/07/31 13:55:42 | 000,070,074 | ---- | C] () -- C:\Users\kat\Documents\MICHNIAKS.wpd
[2011/07/29 13:20:22 | 000,010,181 | ---- | C] () -- C:\Users\kat\Documents\REYESA.wpd
[2011/07/26 12:57:10 | 000,004,199 | ---- | C] () -- C:\Users\kat\Documents\july2011.kathrynbostrom.rtf
[2011/07/25 21:16:48 | 000,072,913 | ---- | C] () -- C:\Users\kat\Documents\young.wpd
[2011/07/25 21:16:08 | 000,057,651 | ---- | C] () -- C:\Users\kat\Documents\lowery.wpd
[2011/07/25 15:46:36 | 000,057,154 | ---- | C] () -- C:\Users\kat\Documents\STEWART.wpd
[2011/07/22 14:55:35 | 000,057,229 | ---- | C] () -- C:\Users\kat\Documents\UPTONR.wpd
[2011/07/20 13:57:00 | 000,181,273 | ---- | C] () -- C:\Users\kat\Documents\ALLENS.wpd
[2010/11/17 16:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/16 21:52:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 21:52:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/12 15:05:06 | 000,007,376 | ---- | C] () -- C:\Users\kat\AppData\Local\d3d9caps.dat
[2009/04/02 22:09:21 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2009/04/02 22:07:37 | 000,098,136 | ---- | C] () -- C:\Windows\gzip.exe
[2009/03/31 22:54:52 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/03/31 22:54:51 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd2170w.dat
[2009/03/31 22:53:57 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009/03/31 22:53:57 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/03/31 22:53:06 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009/03/31 22:53:05 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2009/03/31 22:52:08 | 000,000,511 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/03/23 21:23:40 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/01/27 04:02:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/06 00:28:54 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2007/10/24 14:16:12 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/10/23 22:29:33 | 000,026,624 | ---- | C] () -- C:\Users\kat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/21 07:11:06 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/05/14 14:42:54 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/05/14 14:26:47 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2007/05/14 14:26:45 | 000,000,094 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/03/16 10:42:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/03/16 09:34:22 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/03/16 09:25:09 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/03/16 09:25:09 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/03/16 09:24:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/03/16 09:18:48 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/03/16 09:04:02 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/03/16 07:24:01 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/03/16 07:24:01 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/03/16 07:23:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/02/07 02:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/07 02:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/07 02:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/07 02:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/07 02:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/07 02:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 18:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 08:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,410,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/08/18 14:29:23 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/17 19:50:16 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{851913E1-76B5-4916-B2F4-A87DCD5A7737}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\kat\Documents\TGTS7.pdf:Roxio EMC Stream

< End of report >

and here is the extra.txt file

OTL Extras logfile created on: 8/18/2011 3:46:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\kat\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 47.83% Memory free
3.75 Gb Paging File | 2.16 Gb Available in Paging File | 57.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32.52 Gb Total Space | 3.21 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
Drive D: | 32.25 Gb Total Space | 11.06 Gb Free Space | 34.29% Space Free | Partition Type: NTFS
Drive E: | 627.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATHRYN | User Name: kat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09952930-6E77-48D1-A807-212171A14C96}" = lport=1706 | protocol=6 | dir=in | name=mionet remote drive access 6 |
"{145C3B4A-0811-4A7B-8349-2458840BCAE3}" = lport=1705 | protocol=6 | dir=in | name=mionet remote drive access 5 |
"{21595FEE-B9AB-41D1-A152-88CA88C5326B}" = lport=5432 | protocol=17 | dir=in | name=mionet storage device discovery |
"{3314211B-73EF-42CB-8056-ABE38CFEE894}" = lport=1700 | protocol=6 | dir=in | name=mionet remote drive access 0 |
"{33E13381-29BC-495A-AB6D-EB8CB4667BF8}" = lport=1702 | protocol=6 | dir=in | name=mionet remote drive access 2 |
"{40F9DE04-390F-404D-9836-C34A31D8E697}" = lport=1707 | protocol=6 | dir=in | name=mionet remote drive access 7 |
"{55C7EDB5-854C-456B-8BEB-8C30C6219E60}" = lport=1703 | protocol=6 | dir=in | name=mionet remote drive access 3 |
"{6D4CB0AC-7EEC-4DE6-A6C8-8ECE775F4033}" = lport=1704 | protocol=6 | dir=in | name=mionet remote drive access 4 |
"{A0B95D84-42C3-4212-8D7A-0BB64B05C87F}" = lport=1641 | protocol=6 | dir=in | name=mionet remote drive verification |
"{AB547E0F-F21B-4234-983A-871B2BDC48F7}" = lport=1701 | protocol=6 | dir=in | name=mionet remote drive access 1 |
"{B694B247-B11B-4980-B1BA-49E20CF28EB7}" = lport=1647 | protocol=6 | dir=in | name=mionet storage device configuration |
"{D7FBD36F-0184-4608-B9C2-6D603C5C2BA2}" = lport=1709 | protocol=6 | dir=in | name=mionet remote drive access 9 |
"{EFCDC14C-FA50-4C4C-9D6F-AB2EEE253868}" = lport=1708 | protocol=6 | dir=in | name=mionet remote drive access 8 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0066FCD5-1018-4B78-9EF7-AC6E08569ADB}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{06F35D3F-13FD-45F4-B383-2169BC1403A6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{251B51D5-355C-4549-B047-F5192B3C1B8D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2DD39A62-200E-4694-AAB3-ABB97988C394}" = protocol=6 | dir=in | app=c:\program files\mionet\jvm\bin\mionet.exe |
"{4157219E-2390-443A-ACE5-F282C885ECEE}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{6A93ECA1-AFB4-4E4C-9331-CAC21AF2077E}" = protocol=17 | dir=in | app=c:\program files\mionet\mionetmanager.exe |
"{B8DDD7E4-88F0-4538-9840-889079793C44}" = protocol=6 | dir=in | app=c:\program files\mionet\mionetmanager.exe |
"{FA711A15-DDFA-49D4-BD97-828CC0ECC531}" = protocol=17 | dir=in | app=c:\program files\mionet\jvm\bin\mionet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07AA014C-25AF-468A-BBC3-E7AF5FB3BE24}" = Brother HL-2170W
"{0BE8E6DE-BCCD-645F-781A-E25D46523C69}" = Catalyst Control Center Localization Chinese Standard
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{12BC816B-8F68-CAB4-867E-FA0FEF15FB36}" = ccc-core-static
"{1947BE8A-015E-054A-4C2B-2D1F70594DD4}" = CCC Help Japanese
"{1B182EF5-011E-A0EC-D22F-8D279763A921}" = ccc-utility
"{1B5D82CA-77FD-44A9-8F98-7691AC40706A}" = DigiWare
"{1D4B8F37-30C6-F67B-A812-60CBCE6471D8}" = Catalyst Control Center Core Implementation
"{1EF76089-FEEC-9FEA-AE75-E67BF9015F8B}" = Catalyst Control Center Localization German
"{234C4E43-A53D-435A-A8EA-13A7CB21816F}" = Catalyst Control Center Localization Arabic
"{24256DFB-ECCE-45D3-3A6C-33FC947AFC6A}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2DADCB1C-D758-AB6A-D523-A6F021BD32B4}" = CCC Help Korean
"{305C7D69-18C1-5219-E6AF-09F4AB2B470A}" = CCC Help Chinese Traditional
"{32655698-54AE-0061-A662-2EC34B7E5F24}" = CCC Help German
"{35F63BBB-0D00-FD76-96C6-66D9B4126788}" = Catalyst Control Center Localization Arabic
"{36F0C5CD-C50B-F098-22F1-E1822B83F008}" = CCC Help English
"{38126AC8-D7B0-7DA1-CBB0-30E56AE0F428}" = Catalyst Control Center Localization Arabic
"{3864FA17-51A6-7CBB-EB67-84A6B9BE6867}" = CCC Help Swedish
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3BE5D166-0AC6-E8F6-DB61-BB32BDD418C4}" = Catalyst Control Center Graphics Light
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7A11F6-72F6-DFB3-05CF-9A6D0336251E}" = Catalyst Control Center Localization Greek
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{507F635D-CCB8-B8E1-9278-8B4AC1D43DC9}" = Catalyst Control Center Localization Italian
"{50CE6FB8-23DF-42B1-98CE-AA17A0905C7A}" = Learning QuickBooks 2009
"{5228179A-6DA6-12F1-1287-322E38FFEBCA}" = CCC Help Turkish
"{53AF3638-DDB4-4755-B3DC-259981689DB7}" = MioNet
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5E0B99FE-DA5E-A31F-EDB8-62605F2292A6}" = Catalyst Control Center Localization Chinese Traditional
"{5E513EF7-69F4-E458-E777-7BBACB7FAE0D}" = CCC Help Dutch
"{61A1E611-2039-E14F-7842-6BF89370DDC1}" = Catalyst Control Center Localization Korean
"{630CC87A-57A3-45DC-A5A4-08CE98E0BCB7}" = Branding
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67820D1D-7387-F081-D90C-EE12D28BCF00}" = CCC Help Portuguese
"{68A0D07E-0F93-AAB4-9F79-184CA54963DE}" = Catalyst Control Center Localization Arabic
"{6B3AD9C7-9B15-881E-B132-B924334DE57C}" = Catalyst Control Center Localization Arabic
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F74557B-9B57-A942-235D-EEC40FA5009A}" = CCC Help French
"{70A23B86-F5C9-FD1C-1F1B-FB37715442DB}" = Catalyst Control Center Localization French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788261EE-204C-BE01-F02D-51B89A1BB929}" = Catalyst Control Center Localization Spanish
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B577E09-C0C6-7C31-7E3B-9EAE6D2F477B}" = CCC Help Thai
"{7FFDACF9-FB80-B850-FD13-9282CBEDB146}" = CCC Help Russian
"{80A6D4BB-63C1-3DFD-DA6E-EE690812284D}" = Catalyst Control Center Graphics Full Existing
"{849E535E-9603-8142-9B2C-4EE38DEE8008}" = CCC Help Danish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86E3BF8E-5F49-F4CD-3B82-B91A73B0BC74}" = Catalyst Control Center Localization Arabic
"{8765A391-F170-107B-7893-8529F226672E}" = CCC Help Czech
"{882181E4-9102-A1C0-27B3-56A83C363583}" = Catalyst Control Center Graphics Previews Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E4FF8EF-94E3-E9F8-B01D-31082ED9EED2}" = CCC Help Italian
"{90C5B334-AC20-C1C4-8C3C-BF74A3087D03}" = CCC Help Finnish
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{94C8432D-9C75-03E9-3AB0-C5B0709D95CF}" = Catalyst Control Center Localization Finnish
"{95BFF219-80F6-AD1D-22F9-A1722A37055D}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB7F92D-B82D-4A51-5551-33F6E967E5F8}" = CCC Help Chinese Standard
"{A51080B6-6564-3246-F105-01CD96B6CA27}" = Catalyst Control Center Localization Hungarian
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B607E77A-5B42-BA12-F51E-433C7370D376}" = Catalyst Control Center Localization Czech
"{B695C12D-427E-7E00-2EF8-00EE77E58DA0}" = CCC Help Greek
"{B8BCC092-DCD1-A3CF-9A24-1A96C7E44F0F}" = Skins
"{BB6928B4-1C6F-695E-2EF3-4AC539B077FA}" = Catalyst Control Center Localization Arabic
"{BBB34DD8-A775-548B-B87E-7C493A364918}" = CCC Help Norwegian
"{BCBC2A14-9AD7-E067-B925-D400B945B0C5}" = ccc-localization-da
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.11
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E8C95FCB-88B3-B83D-E825-0CEDE5135940}" = Catalyst Control Center Localization Japanese
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers
"{F23C105B-582C-8A9F-88F2-B5E9B1124C4B}" = CCC Help Polish
"{F362902D-BC94-4187-8960-3B51F55B2EB0}" = Verizon Wireless USB760 Firmware Updates
"{F463F699-2B14-2B53-C7CC-0B7F220F7450}" = Catalyst Control Center Localization Arabic
"{FDFA99CA-B5F9-13EF-8DCA-58257C3CED79}" = CCC Help Hungarian
"{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
"7-Zip" = 7-Zip 4.57
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Express" = Express Dictate
"GridVista" = Acer GridVista
"Homestead SiteBuilder" = Homestead SiteBuilder
"InstallShield_{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
"Learning QuickBooks 2009" = Learning QuickBooks 2009
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Scribe" = Express Scribe
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 3" = TeamViewer 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2011 3:23:45 PM | Computer Name = kathryn | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 8/18/2011 3:23:45 PM | Computer Name = kathryn | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 8/18/2011 3:23:45 PM | Computer Name = kathryn | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 8/18/2011 3:23:45 PM | Computer Name = kathryn | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 8/18/2011 3:24:05 PM | Computer Name = kathryn | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": Connection
Error:Invalid user ID or passwo

Error - 8/18/2011 3:24:05 PM | Computer Name = kathryn | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_19; ;DBF=C:\Users\kat\Desktop\Bostrom
reporting.QBW;ENG=QB_data_engine_19;DBN=df5dc6e2e8734b7dabd8a25c94a6a2

Error - 8/18/2011 3:24:05 PM | Computer Name = kathryn | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 994 from
function:'DBMgr::DBConnPool::ini

Error - 8/18/2011 3:24:24 PM | Computer Name = kathryn | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": An attempt
to LogOff without a logo

Error - 8/18/2011 3:35:02 PM | Computer Name = kathryn | Source = Application Hang | ID = 1002
Description = The program qbw32.exe version 19.0.4008.703 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c90 Start Time: 01cc5ddc4efe1bf2 Termination Time: 63

Error - 8/18/2011 3:42:08 PM | Computer Name = kathryn | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.26.5 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1868 Start Time: 01cc5dde800ccdd6 Termination Time: 15

[ System Events ]
Error - 8/18/2011 2:39:03 PM | Computer Name = kathryn | Source = Service Control Manager | ID = 7001
Description =

Error - 8/18/2011 2:39:03 PM | Computer Name = kathryn | Source = Service Control Manager | ID = 7001
Description =

Error - 8/18/2011 2:39:14 PM | Computer Name = kathryn | Source = Service Control Manager | ID = 7001
Description =

Error - 8/18/2011 2:39:16 PM | Computer Name = kathryn | Source = DCOM | ID = 10005
Description =

Error - 8/18/2011 2:39:17 PM | Computer Name = kathryn | Source = DCOM | ID = 10005
Description =

Error - 8/18/2011 2:39:18 PM | Computer Name = kathryn | Source = Service Control Manager | ID = 7001
Description =

Error - 8/18/2011 2:39:48 PM | Computer Name = kathryn | Source = Service Control Manager | ID = 7001
Description =

Error - 8/18/2011 2:45:23 PM | Computer Name = kathryn | Source = DCOM | ID = 10005
Description =

Error - 8/18/2011 2:48:10 PM | Computer Name = kathryn | Source = Service Control Manager | ID = 7001
Description =

Error - 8/18/2011 2:56:46 PM | Computer Name = kathryn | Source = Print | ID = 54
Description = Document Intuit failed to print and was deleted because of corruption
in the spooled file. The associated driver is: Brother HL-2170W series. Try printing
the document again.


< End of report >

Edited by sckathryn, 18 August 2011 - 02:10 PM.

#2
RKinner

    Malware Expert

  • Expert
  • 19,783 posts
  • MVP
brstswnd.exe is a brother printer program. Nothing to worry about.

What I see in your logs is that you have both Symantec and Avira running. This can cause all sorts of odd problems.

First:
1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.

Second:

Uninstall Symantec, then download and save the Norton Removal Tool:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Right-click on the Norton Removal Tool and select Run As Administrator.

Reboot.

Third.
Let's clean up some deadwood:

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall
McAfee Security Scan Plus
Java™ 6 Update 22
Coupon Printer for Windows

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:Services
81F88EAC

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (81F88EAC)
DRV - [2009/07/02 15:13:26 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
[2011/04/12 18:19:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/04/12 18:19:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOOGLEDESKTOPNETWORK3.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOOGLEDESKTOPNETWORK3.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOOGLEDESKTOPNETWORK3.DLL) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O33 - MountPoints2\{bf9bfb30-0248-11dc-8c0b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9bfb30-0248-11dc-8c0b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2010/04/01 04:40:27 | 002,052,921 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{d36fcd9b-ef64-11de-ac12-001b24329bdb}\Shell\AutoRun\command - "" = F:\install.bat
O33 - MountPoints2\{ef68143d-2c46-11df-a477-001b24329bdb}\Shell - "" = AutoRun
O33 - MountPoints2\{ef68143d-2c46-11df-a477-001b24329bdb}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\start.exe -- [2010/04/01 04:40:27 | 002,052,921 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config LiveUpdate Notice Ex start= disabled /c
sc config LiveUpdate Notice Service start= disabled /c
sc config CLTNetCnService start= disabled /c
sc config ccSetMgr start= disabled /c
sc config ccEvtMgrr start= disabled /c
C:\Program Files\Common Files\Symantec Shared
c:\windows\system32\81F88EAC.exe
   
:Commands
[RESETHOSTS]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top. Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Let's run some scans to make sure (I see you have been here before so some of these should be familiar to you.)

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Fourth.
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Fifth.

ComboFix

You must first uninstall AVG before running Combofix then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Sixth.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Seventh.

Download aswMBR.exe ( 511KB ) to your desktop.

Right-click aswMBR.exe and select Run As Administrator to run it.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Eighth.
A.
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

B.
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

C.
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

D.
sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

E.
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
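The O33 lines in the fix script above list AutoRun commands stored under MountPoints2. As an added example (not part of the post above and not OTL's own code), this Python sketch parses those lines, groups mount keys by command, and separates entries for which OTL printed no file details; the line format is inferred from the lines in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Standard per-user location of MountPoints2 (assumed to be what O33 reports).
MP2_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

# Sample lines copied from the fix script in this thread.
SAMPLE = r'''O33 - MountPoints2\{bf9bfb30-0248-11dc-8c0b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9bfb30-0248-11dc-8c0b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2010/04/01 04:40:27 | 002,052,921 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{d36fcd9b-ef64-11de-ac12-001b24329bdb}\Shell\AutoRun\command - "" = F:\install.bat
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\start.exe -- [2010/04/01 04:40:27 | 002,052,921 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
'''

# Inferred format: key, value name, command, optional "-- [details] (vendor)".
O33_COMMAND = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\AutoRun\\command - "[^"]*" = '
    r'(?P<command>.*?)'
    r'(?: -- \[[^|\]]+ \| (?P<size>[\d,]+) \| \S+ \| \w+\] \((?P<vendor>.*)\))?$'
)

def parse_autoruns(log_text):
    """Return one dict per O33 AutoRun command line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O33_COMMAND.match(line.strip())
        if m is None:
            continue
        entries.append({
            "key": MP2_KEY + "\\" + m["mount"] + r"\Shell\AutoRun\command",
            "mount": m["mount"],
            "command": m["command"],
            "vendor": m["vendor"],  # None when the line carries no file details
            "size": int(m["size"].replace(",", "")) if m["size"] else None,
        })
    return entries

def mounts_by_command(entries):
    """Map each command to the mount keys (volume GUID or drive letter) holding it."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[e["command"]].append(e["mount"])
    return dict(grouped)

def without_file_details(entries):
    """Entries whose log line has no date/size/vendor suffix."""
    return [e for e in entries if e["vendor"] is None]

if __name__ == "__main__":
    print(mounts_by_command(parse_autoruns(SAMPLE)))
```
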