Freezing problem


  • This topic is locked
34 replies to this topic

#1 glvic


Posted 14 February 2011 - 02:14 PM

Hello,
my name is Glen, and this is my first post. I have been having an issue with my computer. Occasionally, it will freeze up, which is really annoying. If anyone can help me fix this problem, I will be really grateful. And thanks for your time.


the DDS log......



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Glen at 12:45:16.06 on Mon 02/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.9207.7349 [GMT -8:00]

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Glen\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=AVBR
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uSearch Page = hxxp://www.bing.com/?pc=AVBR
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: AutorunsDisabled - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
StartupFolder: C:\Users\Glen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40267.3482060185
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://gamebox.my-quick-search.com/search.aspx?srch=ku&q=
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions\gamebox@toolbar\components\toolbarhomewmp.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\Glen\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R0 DiskSec;Magix Volume Filter Driver;C:\Windows\System32\drivers\disksec.sys [2010-2-9 27616]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys [2010-12-27 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys [2010-12-27 802864]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-18 953904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110211.002\IDSviA64.sys [2011-2-11 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys [2010-12-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2010-12-27 382072]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 202752]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-11-24 192512]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-7 13336]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2010-12-27 130000]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2010-10-28 5671792]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-3-10 6403072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-3-10 188928]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-11-24 287960]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-2-12 132656]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-11-24 639512]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca8d02323ccc40;Google Update Service (gupdate1ca8d02323ccc40);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-3 133104]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-24 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-24 79360]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-3 1436424]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2010-1-6 68224]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-10-28 18288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-28 1255736]

=============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2011-02-14 18:56:02 388096 ----a-r- C:\Users\Glen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-14 18:56:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-02-13 01:40:06 -------- d-----w- C:\PROGRA~3\Backup
2011-02-11 21:18:48 -------- d-----w- C:\PROGRA~3\RegInOut
2011-02-11 21:18:46 -------- d-----w- C:\Windows\RegInOut System Utilities
2011-02-03 17:55:18 108313 ----a-w- C:\Windows\The Setup Machine for Maya 2010 Uninstaller.exe
2011-02-03 17:34:15 128324 ----a-w- C:\Windows\The Face Machine for Maya 2011 (64-bit edition) Uninstaller.exe
2011-02-03 17:27:04 107344 ----a-w- C:\Windows\The Setup Machine for Maya 2010 (64-bit edition) Uninstaller.exe

==================== Find3M ====================

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-13 21:51:58 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-12-01 05:24:00 382072 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys
2010-11-23 04:08:32 735864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtsp64.sys
2010-11-23 04:08:32 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtspx64.sys
2010-11-18 02:59:55 802864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys
2009-05-15 05:02:10 3392872 ----a-w- C:\Program Files (x86)\Common Files\adlmint_libFNP.dll
2009-05-15 05:02:10 3298152 ----a-w- C:\Program Files (x86)\Common Files\adlmint.dll
2007-07-17 21:13:45 61440 ----a-w- C:\Program Files (x86)\RGSGrowBounds.aex

============= FINISH: 12:45:46.25 ===============



Thank you for your help

Glen.


#2 etavares

  • Malware Response Team

Posted 19 February 2011 - 11:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 glvic


Posted 23 February 2011 - 10:49 AM

etavares, thank you for your time. :) I have not resolved the problem yet. What really happens is while I'm using the computer, it would just freeze randomly but not often. And it's very annoying. :( Sometimes when it happens I would get a blue screen, but I have not seen the blue screen for a while. So now it would just freeze up.

I tried to fix the problem using RegInOut, but that didn't work. :(


Here are the New Scans that you requested...

OTL logfile created on: 2/23/2011 10:20:23 AM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Glen\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 81.00% Memory free
10.00 Gb Paging File | 8.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 257.28 Gb Free Space | 44.11% Space Free | Partition Type: NTFS
Drive D: | 12.75 Gb Total Space | 2.29 Gb Free Space | 17.97% Space Free | Partition Type: NTFS

Computer Name: GLVICTOR | User Name: Glen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/23 10:17:55 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Glen\Desktop\OTL.exe
PRC - [2010/12/16 18:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/12/10 23:09:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/10/07 22:36:42 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/08/05 13:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/09/30 18:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/23 10:17:55 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Glen\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/20 15:46:00 | 005,671,792 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/04/07 22:03:36 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/03/10 22:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/07 13:19:22 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/24 17:44:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/11/24 17:44:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 10:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/09/30 18:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/13 13:51:58 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/30 21:24:00 | 000,382,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/11/22 20:08:32 | 000,735,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/22 20:08:32 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/11/17 18:59:55 | 000,802,864 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/11/15 17:45:33 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/20 18:28:36 | 000,450,608 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/09/15 11:36:06 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/03/10 22:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/10 22:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 21:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/06 22:19:00 | 000,068,224 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2009/09/21 14:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/18 05:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 01:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/12 10:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 02:34:50 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/02/16 09:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2005/06/14 13:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2011/01/26 02:17:57 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110222.036\EX64.SYS -- (NAVEX15)
DRV - [2011/01/26 02:17:57 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/26 02:17:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110222.036\ENG64.SYS -- (NAVENG)
DRV - [2010/12/13 14:15:07 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/11/22 18:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/08 16:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110221.001\IDSviA64.sys -- (IDSVia64)
DRV - [2008/04/04 18:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\disksec.sys -- (DiskSec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: gamebox@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..keyword.URL: "http://gamebox.my-quick-search.com/search.aspx?srch=ku&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/05 22:46:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/13 08:42:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/12/27 17:01:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 23:09:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 23:09:12 | 000,000,000 | ---D | M]

[2009/12/05 20:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Glen\AppData\Roaming\Mozilla\Extensions
[2011/02/22 19:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions
[2011/02/12 18:01:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/12 15:50:47 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/06/14 18:13:22 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions\gamebox@toolbar
[2010/11/10 08:19:07 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions\smarterwiki@wikiatic.com
[2010/01/01 12:30:17 | 000,009,941 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\searchplugins\mywebsearch.xml
[2010/12/13 16:29:53 | 000,002,464 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\searchplugins\safesearch.xml
[2010/11/05 09:23:24 | 000,001,594 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\searchplugins\web-search.xml
[2010/12/02 11:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/16 20:02:51 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/05 22:46:47 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/12/27 17:01:40 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/13 08:42:36 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN

O1 HOSTS File: ([2009/11/17 15:29:38 | 000,000,049 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40267.3482060185 (Update Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/03 09:52:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe - (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Search Protection - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: YSearchProtection - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.x264 - x264vfw64.dll ()
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.CSCD - C:\Windows\SysWow64\camcodec.dll (RenderSoft Software)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.x264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 10:17:54 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Glen\Desktop\OTL.exe
[2011/02/22 14:33:19 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\ZB_2011
[2011/02/21 18:38:05 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Drawings_For thesis
[2011/02/20 22:45:11 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Mental Ray Nodes In Maya
[2011/02/20 15:48:33 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\NWDA-grs-pck-cgp
[2011/02/19 18:01:16 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\glass
[2011/02/18 14:30:41 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Agape_props
[2011/02/15 23:06:06 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\table exercise
[2011/02/15 08:48:40 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegInOut System Utilities
[2011/02/15 08:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegInOut
[2011/02/14 10:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/02/14 10:56:02 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/12 17:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Backup
[2011/02/11 13:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2011/02/11 13:18:46 | 000,000,000 | ---D | C] -- C:\Windows\RegInOut System Utilities
[2011/02/11 12:46:43 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\POPPY
[2011/02/09 10:35:23 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Lighting and Rendering_Jeremy Birn
[2011/02/09 09:56:23 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Tron LightCycle Tutorial
[2011/02/05 09:57:38 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Models_to_sell
[2011/02/03 09:55:18 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Setup Machine for Maya 2010
[2011/02/03 09:34:15 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Face Machine for Maya 2011 (64-bit edition)
[2011/02/03 09:27:04 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Setup Machine for Maya 2010 (64-bit edition)
[2011/02/02 23:11:26 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Jessi
[2011/02/02 17:52:57 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\propane
[2011/01/24 20:57:09 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Robot
[2009/05/14 21:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\adlmint_libFNP.dll
[2009/05/14 21:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files (x86)\Common Files\adlmint.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/23 10:23:14 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/23 10:23:14 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/23 10:21:31 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/23 10:21:31 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/23 10:21:31 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/23 10:17:55 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Glen\Desktop\OTL.exe
[2011/02/23 10:15:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/23 10:15:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/23 10:15:16 | 2945,785,855 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/23 10:09:20 | 000,272,572 | ---- | M] () -- C:\Users\Glen\Desktop\Cute_Rabbit.obj
[2011/02/23 09:41:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/23 09:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3753959016-2994060814-909633021-1000UA.job
[2011/02/22 23:51:15 | 183,261,374 | ---- | M] () -- C:\Users\Glen\Desktop\head_occlusion.psd
[2011/02/22 23:31:53 | 150,007,999 | ---- | M] () -- C:\Users\Glen\Desktop\Body.psd
[2011/02/22 23:25:14 | 001,283,499 | ---- | M] () -- C:\Users\Glen\Desktop\MetalScratches0008_L.jpg
[2011/02/22 20:25:15 | 023,258,619 | ---- | M] () -- C:\Users\Glen\Desktop\Xeo.mov
[2011/02/22 20:22:15 | 014,060,445 | ---- | M] () -- C:\Users\Glen\Desktop\Opening 2.mov
[2011/02/22 18:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3753959016-2994060814-909633021-1000Core.job
[2011/02/21 18:37:51 | 001,658,988 | ---- | M] () -- C:\Users\Glen\Desktop\Lab_shot_almost_done.jpg
[2011/02/21 18:37:13 | 067,765,865 | ---- | M] () -- C:\Users\Glen\Desktop\Lab_shot_almost_done.psd
[2011/02/21 18:10:38 | 066,260,879 | ---- | M] () -- C:\Users\Glen\Desktop\Lab_shot.psd
[2011/02/20 13:18:13 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Glen.job
[2011/02/20 08:53:30 | 000,004,418 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\wklnhst.dat
[2011/02/20 08:20:24 | 000,000,455 | ---- | M] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2011/02/19 14:35:44 | 069,076,381 | ---- | M] () -- C:\Users\Glen\Desktop\shot one.psd
[2011/02/18 23:17:08 | 001,340,194 | ---- | M] () -- C:\Users\Glen\Desktop\animatedLA.pdf
[2011/02/14 12:51:58 | 000,010,434 | ---- | M] () -- C:\Users\Glen\Desktop\DDS.zip
[2011/02/14 12:44:57 | 000,624,128 | ---- | M] () -- C:\Users\Glen\Desktop\dds.scr
[2011/02/14 10:56:02 | 000,002,971 | ---- | M] () -- C:\Users\Glen\Desktop\HiJackThis.lnk
[2011/02/12 17:59:31 | 000,000,223 | ---- | M] () -- C:\ProgramData\DEFRAG_HISTORY.xml
[2011/02/12 17:57:39 | 000,000,485 | ---- | M] () -- C:\ProgramData\SERVICES_HISTORY.xml
[2011/02/11 19:11:09 | 063,875,671 | ---- | M] () -- C:\Users\Glen\Desktop\Shogun 2- Total War - CGI Intro.mp4
[2011/02/11 13:03:34 | 000,000,046 | ---- | M] () -- C:\Windows\PCCT.INI
[2011/02/10 09:45:38 | 000,007,606 | ---- | M] () -- C:\Users\Glen\AppData\Local\Resmon.ResmonCfg
[2011/02/10 09:31:11 | 003,021,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/03 09:55:18 | 000,108,313 | ---- | M] () -- C:\Windows\The Setup Machine for Maya 2010 Uninstaller.exe
[2011/02/03 09:50:16 | 000,002,086 | ---- | M] () -- C:\Users\Glen\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2010.lnk
[2011/02/03 09:34:15 | 000,128,324 | ---- | M] () -- C:\Windows\The Face Machine for Maya 2011 (64-bit edition) Uninstaller.exe
[2011/02/03 09:27:04 | 000,107,344 | ---- | M] () -- C:\Windows\The Setup Machine for Maya 2010 (64-bit edition) Uninstaller.exe
[2011/01/31 22:45:20 | 000,121,635 | ---- | M] () -- C:\Users\Glen\Desktop\x01.jpg
[2011/01/31 22:42:21 | 000,868,723 | ---- | M] () -- C:\Users\Glen\Desktop\Vines_test.jpg
[2011/01/31 12:34:46 | 000,053,922 | ---- | M] () -- C:\Users\Glen\Desktop\Corel_ColorChart_510.JPG
[2011/01/31 11:01:01 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/01/30 20:23:08 | 000,241,494 | ---- | M] () -- C:\Users\Glen\Desktop\sambrown-bot-sketches-3.jpg
[2011/01/30 12:25:19 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGlen.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/23 10:09:20 | 000,272,572 | ---- | C] () -- C:\Users\Glen\Desktop\Cute_Rabbit.obj
[2011/02/22 23:25:12 | 001,283,499 | ---- | C] () -- C:\Users\Glen\Desktop\MetalScratches0008_L.jpg
[2011/02/22 23:19:30 | 150,007,999 | ---- | C] () -- C:\Users\Glen\Desktop\Body.psd
[2011/02/22 22:13:26 | 183,261,374 | ---- | C] () -- C:\Users\Glen\Desktop\head_occlusion.psd
[2011/02/22 20:25:08 | 023,258,619 | ---- | C] () -- C:\Users\Glen\Desktop\Xeo.mov
[2011/02/22 20:22:03 | 014,060,445 | ---- | C] () -- C:\Users\Glen\Desktop\Opening 2.mov
[2011/02/21 18:37:48 | 001,658,988 | ---- | C] () -- C:\Users\Glen\Desktop\Lab_shot_almost_done.jpg
[2011/02/21 18:23:55 | 067,765,865 | ---- | C] () -- C:\Users\Glen\Desktop\Lab_shot_almost_done.psd
[2011/02/21 14:47:54 | 066,260,879 | ---- | C] () -- C:\Users\Glen\Desktop\Lab_shot.psd
[2011/02/20 09:01:40 | 732,239,872 | ---- | C] () -- C:\Users\Glen\Desktop\The.Secret.of.Kells.2009.LiMiTED.DVDRip.XviD-LPD.avi
[2011/02/18 23:17:08 | 001,340,194 | ---- | C] () -- C:\Users\Glen\Desktop\animatedLA.pdf
[2011/02/14 12:51:58 | 000,010,434 | ---- | C] () -- C:\Users\Glen\Desktop\DDS.zip
[2011/02/14 12:44:56 | 000,624,128 | ---- | C] () -- C:\Users\Glen\Desktop\dds.scr
[2011/02/14 10:56:02 | 000,002,971 | ---- | C] () -- C:\Users\Glen\Desktop\HiJackThis.lnk
[2011/02/12 17:59:31 | 000,000,223 | ---- | C] () -- C:\ProgramData\DEFRAG_HISTORY.xml
[2011/02/12 17:57:39 | 000,000,485 | ---- | C] () -- C:\ProgramData\SERVICES_HISTORY.xml
[2011/02/12 17:40:42 | 000,000,455 | ---- | C] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2011/02/11 19:10:13 | 063,875,671 | ---- | C] () -- C:\Users\Glen\Desktop\Shogun 2- Total War - CGI Intro.mp4
[2011/02/11 13:18:48 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Glen.job
[2011/02/10 17:45:31 | 069,076,381 | ---- | C] () -- C:\Users\Glen\Desktop\shot one.psd
[2011/02/10 09:45:38 | 000,007,606 | ---- | C] () -- C:\Users\Glen\AppData\Local\Resmon.ResmonCfg
[2011/02/03 09:55:18 | 000,108,313 | ---- | C] () -- C:\Windows\The Setup Machine for Maya 2010 Uninstaller.exe
[2011/02/03 09:50:16 | 000,002,086 | ---- | C] () -- C:\Users\Glen\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2010.lnk
[2011/02/03 09:34:15 | 000,128,324 | ---- | C] () -- C:\Windows\The Face Machine for Maya 2011 (64-bit edition) Uninstaller.exe
[2011/02/03 09:27:04 | 000,107,344 | ---- | C] () -- C:\Windows\The Setup Machine for Maya 2010 (64-bit edition) Uninstaller.exe
[2011/01/31 22:45:20 | 000,121,635 | ---- | C] () -- C:\Users\Glen\Desktop\x01.jpg
[2011/01/31 22:42:17 | 000,868,723 | ---- | C] () -- C:\Users\Glen\Desktop\Vines_test.jpg
[2011/01/31 12:34:45 | 000,053,922 | ---- | C] () -- C:\Users\Glen\Desktop\Corel_ColorChart_510.JPG
[2011/01/30 20:23:08 | 000,241,494 | ---- | C] () -- C:\Users\Glen\Desktop\sambrown-bot-sketches-3.jpg
[2010/12/02 11:23:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/10 09:55:27 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/08/14 09:49:39 | 000,000,046 | ---- | C] () -- C:\Windows\PCCT.INI
[2010/07/05 14:43:34 | 003,200,512 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/04/14 20:05:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/03/29 13:13:08 | 000,003,584 | ---- | C] () -- C:\Users\Glen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 08:57:18 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
[2009/12/10 14:31:05 | 000,007,476 | ---- | C] () -- C:\Program Files (x86)\KLF2.5GPU.log
[2009/12/04 19:54:44 | 000,004,418 | ---- | C] () -- C:\Users\Glen\AppData\Roaming\wklnhst.dat
[2009/12/03 12:13:02 | 000,001,985 | ---- | C] () -- C:\Program Files (x86)\trapcodeShine.log
[2009/11/24 17:43:50 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/24 17:43:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/11/24 17:43:40 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009/11/24 17:43:40 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/11/24 17:43:40 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/11/24 17:43:40 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/11/24 17:43:40 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/11/24 17:43:40 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/11/24 17:43:40 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/11/24 17:43:40 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/11/24 17:43:40 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/11/24 17:43:40 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/11/24 17:43:40 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/11/24 17:43:40 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/11/24 17:43:40 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/11/24 17:43:40 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/25 14:23:36 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2009/02/18 16:55:39 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2007/07/12 11:51:25 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\RGSGrowBounds.aex
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006/06/13 09:12:40 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\winOGL.dll

========== LOP Check ==========

[2010/01/29 21:45:59 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\AnvSoft
[2009/12/03 10:49:50 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Arctic
[2010/07/07 13:22:22 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Autodesk
[2011/01/20 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\AVG
[2011/02/15 08:53:09 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\BitTorrent
[2010/03/11 11:43:16 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\DigitalJuice
[2011/02/23 10:15:53 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Dropbox
[2009/12/27 11:49:14 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\EPSON
[2010/06/22 09:20:20 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\FreeFLVConverter
[2010/11/07 18:36:29 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Hardcore
[2010/02/20 01:55:10 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\IObit
[2010/02/09 08:57:20 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\MAGIX
[2010/04/03 08:50:17 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\MAXON
[2010/05/02 16:40:55 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\NCH Swift Sound
[2010/02/25 22:12:33 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\NeoDownloader
[2010/11/07 14:17:42 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\NetMedia Providers
[2010/09/10 09:56:46 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\PACE Anti-Piracy
[2009/12/03 08:27:02 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\PictureMover
[2010/04/21 22:00:26 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Pixar
[2009/12/08 12:50:23 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Publish Providers
[2010/12/13 11:09:52 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Registry Mechanic
[2010/09/21 07:46:41 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\RenPy
[2010/11/07 16:37:08 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Sony
[2009/12/04 19:54:45 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Template
[2011/01/26 02:14:16 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\TopoGun64
[2009/12/04 09:01:31 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\WinBatch
[2010/11/08 20:03:23 | 000,000,000 | ---D | M] -- C:\Users\Glen\AppData\Roaming\Windows Live Writer
[2011/01/31 11:01:01 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/02/20 13:18:13 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - Glen.job
[2010/11/03 12:17:47 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 17:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/13 17:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009/07/13 17:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll
[2010/12/17 21:29:18 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/11/19 20:53:26 | 004,160,360 | ---- | M] (Autodesk, Inc.) -- C:\adlmint.dll
[2009/11/19 20:53:26 | 006,444,392 | ---- | M] (Acresso Software Inc.) -- C:\adlmint_libFNP.dll
[2010/09/07 11:25:18 | 000,003,000 | ---- | M] () -- C:\FINIS_IT.TXT
[2011/02/23 10:15:16 | 2945,785,855 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/01 23:37:35 | 000,000,012 | ---- | M] () -- C:\key.txt
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/02/23 10:15:16 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2011/01/19 12:48:48 | 000,000,109 | ---- | M] () -- C:\VRMayaSpawner.log
[2010/12/22 11:16:14 | 000,002,464 | ---- | M] () -- C:\{0E8CB137-94FC-417F-99AE-0CC14795B410}

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 921 bytes -> C:\Users\Glen\AppData\Local\Temp:jbqjGuQvvU1OD8asfj0Uds0kl
@Alternate Data Stream - 46 bytes -> C:\Users\Glen\Desktop\mental.ray.for.Maya.3ds.Max.and.XSI.pdf:com.dropbox.attributes
@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:3EFB0FE0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FB1B13D8
@Alternate Data Stream - 1153 bytes -> C:\ProgramData\Microsoft:UUQ9Ae7s6zYtxbGhytlMy
@Alternate Data Stream - 1123 bytes -> C:\ProgramData\Microsoft:YBrKnL6n5P0OAVUDtgpVePl
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >


Then the second scan.....

OTL Extras logfile created on: 2/23/2011 10:20:23 AM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Glen\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 81.00% Memory free
10.00 Gb Paging File | 8.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 257.28 Gb Free Space | 44.11% Space Free | Partition Type: NTFS
Drive D: | 12.75 Gb Total Space | 2.29 Gb Free Space | 17.97% Space Free | Partition Type: NTFS

Computer Name: GLVICTOR | User Name: Glen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Glen\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01DED007-A829-425f-B676-825B9051DF4D}" = Shave And A Haircut for Maya 2010x64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0894680D-1815-4451-A80B-D426DEAD78E5}" = Shave And A Haircut for Maya 2011x64
"{1314D90A-A77D-4635-BB8C-840FBB466BE3}" = Autodesk MatchMover 2010 (64-bit)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2B80C356-CA93-433D-814C-BF4CBF3195C2}" = Maya 2010 (64-bit) Documentation (en_US)
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{470DA0AE-96BF-4F9C-888C-360DEF2DE71E}" = Autodesk DirectConnect 2010 R1 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52ACC804-EE61-45b7-AA5E-FB9F4F377B3D}" = Maya 8.5 (64-bit) Documentation (en_US)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}" = Autodesk Maya 2011 64-bit
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7FEA90D-9620-455F-9B15-652D4FA80B0A}" = Autodesk Toxik 2010 (64-bit)
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)
"{DDE113EA-5DB0-4F68-BB58-5F67DD2308B4}" = Autodesk MatchMover 2011 64-bit
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E601CC5B-6D8F-11DE-4E95-3FE0187790C9}" = ccc-utility64
"{F4934901-B3C8-9918-F018-2D68F94B380E}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"MAXONB6EC381C" = CINEMA 4D 11.514
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"The Face Machine for Maya 2011 (64-bit edition)" = The Face Machine for Maya 2011 (64-bit edition)
"The Setup Machine for Maya 2010 (64-bit edition)" = The Setup Machine for Maya 2010 (64-bit edition)
"Wacom Tablet Driver" = Wacom Tablet
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0304767D-5AF0-A6EF-5774-6E0D7A42687A}" = CCC Help Polish
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF4F0C7-8074-4D37-9650-DBB893670B9A}" = CCC Help English
"{0C747AF8-6910-ED23-4E6B-A198FC5A592B}" = CCC Help Thai
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10753ce9-34fc-411c-8d62-409bae3e54ca}" =
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1A9C2918-468D-4128-8FED-B4BA28A61562}" = MAGIX Music Maker 16 Premium Content Pack 2
"{1BD84D49-F8D4-C48B-44C3-454B886B996F}" = CCC Help Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{230C2422-DEBC-3592-9543-70A3929FBACC}" = CCC Help Danish
"{248AA4C8-F412-4A6F-A294-6C47D8E6B13B}" = MAGIX Music Maker 16 Premium Content Pack 3
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
"{2B929487-3B32-7115-8CDB-B2209464B6A9}" = CCC Help Norwegian
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{310AFA6B-094D-45DA-8389-4712074B6A22}" = Maya 2010
"{31ea7252-6b8b-4943-b5c1-a7b763f1af81}" =
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{377bfccd-441c-4038-bce4-94e155970e54}" =
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{38F2E726-1FF5-4AAB-96AD-CAB5079E8846}" = Autodesk DirectConnect 2010
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3CAA4788-85E1-4bd6-890E-09B4BE3CD3D1}" = Maya 2010 Documentation (en_US)
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1.3
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{54625876-FFA9-CDD4-AE9F-F229CE6F1CFC}" = CCC Help Czech
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57c60dc3-c451-45c2-a750-beed43fe5483}" =
"{5ddc847b-3bc4-4508-ae1b-b1c5c208d8d4}" =
"{5ED619AE-AF12-0038-32BA-A56C1C1684ED}" = Catalyst Control Center Graphics Full New
"{5EE3FC44-D3B4-DBEF-13C9-DDC0DC8DB5C0}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F669C27-AD76-5EF1-5DD0-B4F39DDABF82}" = CCC Help Russian
"{5fe613c5-d9b3-403f-be23-13a9eb28f18c}" =
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{646BCF4C-9014-1D5B-194C-AE7E5234E173}" = Catalyst Control Center Graphics Full Existing
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
"{67574624-BF0F-0409-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-bit
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6E5734E9-30D4-2912-A273-3EA6A8D38A4C}" = CCC Help Korean
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73CFF804-031A-145F-B4B1-54DBADE4BF5A}" = Catalyst Control Center Core Implementation
"{7619C9D8-BC52-F5A0-B184-56F1BCA8FDCD}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80D881D9-2241-FDB2-917B-754D27B1711A}" = CCC Help Portuguese
"{812E1043-3795-2164-8607-FBF53B045EC5}" = CCC Help Turkish
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{854FC493-0A42-A237-ADE7-59FDEEAD444D}" = CCC Help Dutch
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87AF4C0E-D953-424B-8108-3127CA217E6F}" = Quick Zip 5.1
"{88661107-C9FE-F236-5885-BD043F43C290}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8F35D245-64DC-6231-F394-F1C70B1879E2}" = CCC Help French
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94BB375E-E8DC-555A-EC06-4BF1E1641E6F}" = Catalyst Control Center InstallProxy
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE27CE5-2442-EEA6-1D66-ED8D95E2EDF6}" = HydraVision
"{9c5a380c-24e5-42b1-8b86-be22b11c3781}" =
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A1086DA0-903E-4DEA-A83F-6317923CC63D}" = headus UVLayout v2 Professional
"{A3698519-6043-889E-F219-3434BBD87A44}" = CCC Help Japanese
"{A4AA1A93-DFB5-4726-9522-B054EF1A456A}" = Catalyst Control Center - Branding
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6F008F2-3264-415C-9341-CB8349115DBB}" = MAGIX Music Maker 16 Premium Content Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ad54148b-9be7-4274-bce7-7315b2d3ce63}" =
"{AE41A33E-C9B5-47FE-9586-9D47B43E73B5}" = CCC Help Chinese Standard
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B32E6282-AE31-4466-BBC1-FC726268FC31}" = MAGIX Music Maker 16 Premium Download Version
"{B5F30211-27A0-C178-8D76-D838572EDEBD}" = ccc-core-static
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bc3b3427-f7b3-4719-ac53-91d31d3eb320}" =
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09F1573-6262-47F2-8B90-5B2290A58B12}" = MAGIX Speed 2 (MSI)
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c53ff9af-0ce6-4372-8ed8-e593ef12fc32}" =
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}" = Sound Blaster X-Fi
"{ca3069d3-da19-4100-817e-84db9acdccb5}" =
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{cbc7ef59-25ac-43fb-9233-821fbde88e76}" =
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE7855E6-B7C8-2E8E-9C10-EE996978A644}" = CCC Help Chinese Traditional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4658CBC-2252-433E-B9CD-A7DDE5FF8A9D}" = MAGIX Music Maker 16 Premium Content Pack 4
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB939A96-0B1A-4588-91E9-2133236D1E8B}" = VoobysDownloadS
"{dc6595bd-fde8-4c95-8aed-68a6bfb53dd6}" =
"{DC792B88-128D-0DF8-B8E0-86369110C15F}" = Catalyst Control Center Graphics Light
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e0ddf988-12c7-4b10-b715-84947bd14924}" =
"{E1A278B7-38E9-25B7-248A-2D233D9A5104}" = CCC Help Hungarian
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E54FC448-36D7-40B1-8D61-26BD597176B9}" = ApamylolSis
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6930026-9C0D-8D0E-B5A0-B434B6FB9940}" = CCC Help Finnish
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9DB54A9-1D1E-44A1-AF63-368E8F178FE0}" = RealFlow
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA0D9E39-87E0-A1AD-8059-17090989C403}" = Catalyst Control Center HydraVision Full
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED89ADF0-7BA1-5B34-CFA1-203BEFB298C0}" = Catalyst Control Center Localization All
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F55C356C-2B50-BC6F-3221-56E4A46E1A90}" = CCC Help Spanish
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{fd474cd6-853c-4903-b9cc-c1febef71858}" =
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Akamai" = Akamai NetSession Interface
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.2
"Any Video Converter_is1" = Any Video Converter 3.0.3
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
"BitTorrent" = BitTorrent
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"CycoreFX HD 1.6 for After Effects" = CycoreFX HD 1.6 for After Effects
"Drumaxx" = Drumaxx
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free FLV Converter_is1" = Free FLV Converter V 6.8.0
"Host OpenAL" = Host OpenAL
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Knoll Light Factory Pro 2.5" = Knoll Light Factory Pro 2.5
"Magic Bullet Looks" = Magic Bullet Looks
"MAGIX PC Check & Tuning 2010 Download Version UK" = MAGIX PC Check & Tuning 2010 Download Version 5.0.24.689 (UK)
"MAGIX Screenshare UK" = MAGIX Screenshare
"MAGIX Screenshare US" = MAGIX Screenshare
"MAGIX_MSI_mm16dlx" = MAGIX Music Maker 16 Premium Download Version
"McAfee Security Scan" = McAfee Security Scan Plus
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NIS" = Norton Internet Security
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"RegInOut System Utilities3.0.0.2000" = RegInOut System Utilities
"Switch" = Switch Sound File Converter
"The Setup Machine for Maya 2010" = The Setup Machine for Maya 2010
"TopoGun1.06 W64" = TopoGun 1.06 W64
"Trapcode Form" = Trapcode Form
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode Shine" = Trapcode Shine
"VLC media player" = VLC media player 1.0.3
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = HP Games
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"WinLiveSuite" = Windows Live Essentials
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"x264vfw64" = x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)
"xNormal 3.17.0 Beta 5" = xNormal 3.17.0 Beta 5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2011 2:14:21 AM | Computer Name = Glvictor | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.1.0.104, time stamp:
0x4d21d204 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdbdf Exception code: 0xe0fafafa Fault offset: 0x0000b727 Faulting process id:
0x1188 Faulting application start time: 0x01cbcd83d25ee817 Faulting application path:
C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: fdbc15e2-3993-11e0-81a5-90e6baa528b1

Error - 2/18/2011 4:01:35 PM | Computer Name = Glvictor | Source = Application Error | ID = 1000
Description = Faulting application name: TopoGun64.exe, version: 0.0.0.0, time stamp:
0x4bcb4d58 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7b325 Exception code: 0xc0000374 Fault offset: 0x00000000000c6ab2 Faulting process
id: 0x1658 Faulting application start time: 0x01cbcfa4c556e27e Faulting application
path: C:\Program Files\TopoGun64\TopoGun64.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: e338d9b0-3b99-11e0-81a5-90e6baa528b1

Error - 2/18/2011 4:23:51 PM | Computer Name = Glvictor | Source = Application Error | ID = 1000
Description = Faulting application name: TopoGun64.exe, version: 0.0.0.0, time stamp:
0x4bcb4d58 Faulting module name: TopoGun64.exe, version: 0.0.0.0, time stamp: 0x4bcb4d58
Exception
code: 0xc0000417 Fault offset: 0x000000000017aaa8 Faulting process id: 0x1358 Faulting
application start time: 0x01cbcfa6bd3611ce Faulting application path: C:\Program
Files\TopoGun64\TopoGun64.exe Faulting module path: C:\Program Files\TopoGun64\TopoGun64.exe
Report
Id: ff3957d5-3b9c-11e0-81a5-90e6baa528b1

Error - 2/18/2011 8:32:20 PM | Computer Name = Glvictor | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/20/2011 1:39:43 PM | Computer Name = Glvictor | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/21/2011 3:08:11 PM | Computer Name = Glvictor | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/22/2011 1:42:31 AM | Computer Name = Glvictor | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.1.0.104, time stamp:
0x4d21d204 Faulting module name: Skype.exe, version: 5.1.0.104, time stamp: 0x4d21d204
Exception
code: 0xc0000005 Fault offset: 0x004f2654 Faulting process id: 0x1140 Faulting application
start time: 0x01cbd245729be083 Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files (x86)\Skype\Phone\Skype.exe Report Id: 89c3f298-3e46-11e0-81dd-90e6baa528b1

Error - 2/22/2011 1:42:48 AM | Computer Name = Glvictor | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 5.1.0.104 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1140 Start Time:
01cbd245729be083 Termination Time: 17 Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report
Id: 925beedf-3e46-11e0-81dd-90e6baa528b1

Error - 2/22/2011 1:46:50 AM | Computer Name = Glvictor | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.1.0.104, time stamp:
0x4d21d204 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdbdf Exception code: 0xe0fafafa Fault offset: 0x0000b727 Faulting process id:
0x13bc Faulting application start time: 0x01cbd25356f0e85a Faulting application path:
C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 2433714c-3e47-11e0-81dd-90e6baa528b1

Error - 2/22/2011 1:54:00 AM | Computer Name = Glvictor | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.1.0.104, time stamp:
0x4d21d204 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x00033232 Faulting process id:
0xe9c Faulting application start time: 0x01cbd253ec111267 Faulting application path:
C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 24b2fd04-3e48-11e0-81dd-90e6baa528b1

[ Hewlett-Packard Events ]
Error - 2/14/2010 8:41:50 PM | Computer Name = Glvictor | Source = Hewlett-Packard | ID = 0
Description = en-US The process cannot access the file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoSI.xml' because it is being used by another process.
mscorlib

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options,
String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path,
FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
at n.a(Object A_0, EventArgs A_1)

Error - 3/14/2010 7:55:51 PM | Computer Name = Glvictor | Source = Hewlett-Packard | ID = 0
Description = en-US The process cannot access the file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoSI.xml' because it is being used by another process.
mscorlib

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options,
String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path,
FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
at n.a(Object A_0, EventArgs A_1)

Error - 4/18/2010 7:02:34 PM | Computer Name = Glvictor | Source = Hewlett-Packard | ID = 0
Description = en-US The process cannot access the file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoSI.xml' because it is being used by another process.
mscorlib

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options,
String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path,
FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
at n.a(Object A_0, EventArgs A_1)

Error - 6/22/2010 2:32:54 PM | Computer Name = Glvictor | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 7/13/2010 8:44:51 PM | Computer Name = Glvictor | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/21/2010 3:01:37 PM | Computer Name = Glvictor | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/28/2010 2:51:12 PM | Computer Name = Glvictor | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 10/12/2010 2:11:25 PM | Computer Name = Glvictor | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 10/19/2010 2:41:28 PM | Computer Name = Glvictor | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 11/9/2010 3:50:45 PM | Computer Name = Glvictor | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ Media Center Events ]
Error - 3/6/2010 6:09:50 PM | Computer Name = Glvictor | Source = MCUpdate | ID = 0
Description = 2:09:50 PM - Error connecting to the internet. 2:09:50 PM - Unable
to contact server..

Error - 3/6/2010 7:09:55 PM | Computer Name = Glvictor | Source = MCUpdate | ID = 0
Description = 3:09:55 PM - Error connecting to the internet. 3:09:55 PM - Unable
to contact server..

Error - 3/6/2010 7:10:00 PM | Computer Name = Glvictor | Source = MCUpdate | ID = 0
Description = 3:10:00 PM - Error connecting to the internet. 3:10:00 PM - Unable
to contact server..

Error - 3/6/2010 8:10:05 PM | Computer Name = Glvictor | Source = MCUpdate | ID = 0
Description = 4:10:05 PM - Error connecting to the internet. 4:10:05 PM - Unable
to contact server..

Error - 3/6/2010 8:10:10 PM | Computer Name = Glvictor | Source = MCUpdate | ID = 0
Description = 4:10:10 PM - Error connecting to the internet. 4:10:10 PM - Unable
to contact server..

Error - 3/8/2010 5:28:27 PM | Computer Name = Glvictor | Source = MCUpdate | ID = 0
Description = 1:28:27 PM - Error connecting to the internet. 1:28:27 PM - Unable
to contact server..

Error - 3/8/2010 5:28:32 PM | Computer Name = Glvictor | Source = MCUpdate | ID = 0
Description = 1:28:32 PM - Error connecting to the internet. 1:28:32 PM - Unable
to contact server..

Error - 3/8/2010 6:28:37 PM | Computer Name = Glvictor | Source = MCUpdate | ID = 0
Description = 2:28:37 PM - Error connecting to the internet. 2:28:37 PM - Unable
to contact server..

Error - 3/8/2010 6:28:42 PM | Computer Name = Glvictor | Source = MCUpdate | ID = 0
Description = 2:28:42 PM - Error connecting to the internet. 2:28:42 PM - Unable
to contact server..

Error - 3/16/2010 5:21:39 AM | Computer Name = Glvictor | Source = MCUpdate | ID = 0
Description = 2:21:36 AM - Error connecting to the internet. 2:21:36 AM - Unable
to contact server..

[ System Events ]
Error - 2/20/2011 5:18:57 PM | Computer Name = Glvictor | Source = Service Control Manager | ID = 7000
Description = The Hardlock service failed to start due to the following error: %%577

Error - 2/20/2011 5:21:37 PM | Computer Name = Glvictor | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
Health Check Service service to connect.

Error - 2/20/2011 5:21:37 PM | Computer Name = Glvictor | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%1053

Error - 2/21/2011 2:05:36 AM | Computer Name = Glvictor | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 2/21/2011 2:09:40 AM | Computer Name = Glvictor | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 2/23/2011 2:15:28 PM | Computer Name = Glvictor | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:13:27 AM on ?2/?23/?2011 was unexpected.

Error - 2/23/2011 2:15:29 PM | Computer Name = Glvictor | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 2/23/2011 2:15:29 PM | Computer Name = Glvictor | Source = Service Control Manager | ID = 7000
Description = The Hardlock service failed to start due to the following error: %%577

Error - 2/23/2011 2:18:10 PM | Computer Name = Glvictor | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
Health Check Service service to connect.

Error - 2/23/2011 2:18:10 PM | Computer Name = Glvictor | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%1053


< End of report >


#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 23 February 2011 - 06:40 PM

Hello, glvic.

OK, we'll check for viruses first. Other causes of freezes include overheating, bad drivers, etc. Some questions for you. Please answer these in your reply:

  • What are you doing when it freezes? Streaming music, watching video, downloading files, etc.
  • On the reboot, do you get any warnings? Please let me know if you get any blue screens...we can get a minidump and analyze it for more clues if it's not a virus.
  • Is it a laptop or a desktop?
  • Is it possible that it is overheating? Does it feel warm to the touch if you put your hand in the exhaust airflow? Or room temperature? Are vents clean? Is the fan loud? Is the fan running?

Now, let's look for viruses. You do have some malware remnants, but they don't appear to be active. (My Web Search)

I will also say that Skype has a fair number of errors and could be the cause for some reason. You may want to temporarily uninstall that and see if it improves.




P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 glvic

Posted 24 February 2011 - 12:26 PM

Thanks etavares,


Here is the Log file........


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5870

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/24/2011 12:40:20 PM
mbam-log-2011-02-24 (12-40-20).txt

Scan type: Quick scan
Objects scanned: 161821
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 7
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.



* What are you doing when it freezes? Streaming music, watching video, downloading files, etc. ANSWER: It does not matter what I'm doing, it just happens at any given time.

* On the reboot, do you get any warnings? Please let me know if you get any blue screens...we can get a minidump and analyze it for more clues if it's not a virus. ANSWER: On reboot, I would get a black screen that asks me to start Windows normally, Repair the computer or Safe mode.

* Is it a laptop or a desktop? ANSWER: Desktop

* Is it possible that it is overheating? Does it feel warm to the touch if you put your hand in the exhaust airflow? Or room temperature? Are vents clean? Is the fan loud? Is the fan running? ANSWER: Actually, it's very quiet. But I think I should open it to see if that's the problem.


Gvic.

Edited by glvic, 24 February 2011 - 12:49 PM.


#6 etavares

Posted 24 February 2011 - 06:22 PM

Hello, glvic.

OK, it did find the MyWebSearch that I expected, but it also appears to have caught a Vundo infection. Have you experienced any freezes lately now that we removed a virus?

In regards to being quiet, make sure the fan is running. Sometimes too quiet is also bad. :)

Let's clean up a few more things and run an antivirus scan.

Do you have any other symptoms such as redirects when you search on Google or anything like that?




Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:
  • Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  • Right click the ERUNT icon on the desktop or the Start menu, and select Run as Administrator.
  • Click OK at the first message box.
  • Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  • Click OK.
  • Click Yes to create the new folder.
  • You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 921 bytes -> C:\Users\Glen\AppData\Local\Temp:jbqjGuQvvU1OD8asfj0Uds0kl@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:3EFB0FE0
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FB1B13D8
    @Alternate Data Stream - 1153 bytes -> C:\ProgramData\Microsoft:UUQ9Ae7s6zYtxbGhytlMy
    @Alternate Data Stream - 1123 bytes -> C:\ProgramData\Microsoft:YBrKnL6n5P0OAVUDtgpVePl
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares




#7 etavares

Posted 27 February 2011 - 09:08 AM

Still with me?




#8 glvic

Posted 27 February 2011 - 09:54 PM

Still here etavares... and I appreciate your help very much!! :D


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Unable to delete ADS C:\Users\Glen\AppData\Local\Temp:jbqjGuQvvU1OD8asfj0Uds0kl@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:0B4227B4 .
ADS C:\ProgramData\Temp:3EFB0FE0 deleted successfully.
ADS C:\ProgramData\Temp:FB1B13D8 deleted successfully.
ADS C:\ProgramData\Microsoft:UUQ9Ae7s6zYtxbGhytlMy deleted successfully.
ADS C:\ProgramData\Microsoft:YBrKnL6n5P0OAVUDtgpVePl deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Glen
->Temp folder emptied: 27847244 bytes
->Temporary Internet Files folder emptied: 8115549 bytes
->FireFox cache emptied: 99994669 bytes
->Google Chrome cache emptied: 42100199 bytes
->Flash cache emptied: 122632 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66499 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84391 bytes
RecycleBin emptied: 581120 bytes

Total Files Cleaned = 171.00 mb


OTL by OldTimer - Version 3.2.21.0 log created on 02272011_190909

Files\Folders moved on Reboot...
C:\Users\Glen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



Here is the New Log File.......


OTL logfile created on: 2/27/2011 7:16:04 PM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Glen\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 82.00% Memory free
10.00 Gb Paging File | 8.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 252.95 Gb Free Space | 43.36% Space Free | Partition Type: NTFS
Drive D: | 12.75 Gb Total Space | 2.29 Gb Free Space | 17.97% Space Free | Partition Type: NTFS

Computer Name: GLVICTOR | User Name: Glen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/23 10:17:55 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Glen\Desktop\OTL.exe
PRC - [2010/12/16 18:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/12/10 23:09:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 23:09:11 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/10/07 22:36:42 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/08/05 13:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/09/30 18:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/23 10:17:55 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Glen\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/20 15:46:00 | 005,671,792 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/04/07 22:03:36 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/03/10 22:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/07 13:19:22 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/24 17:44:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/11/24 17:44:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 10:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/09/30 18:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/13 13:51:58 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/30 21:24:00 | 000,382,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/11/22 20:08:32 | 000,735,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/22 20:08:32 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/11/17 18:59:55 | 000,802,864 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/11/15 17:45:33 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/20 18:28:36 | 000,450,608 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/09/15 11:36:06 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/03/10 22:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/10 22:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 21:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/06 22:19:00 | 000,068,224 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2009/09/21 14:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/18 05:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 01:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/12 10:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 02:34:50 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/02/16 09:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2005/06/14 13:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2011/01/26 02:17:57 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110227.003\EX64.SYS -- (NAVEX15)
DRV - [2011/01/26 02:17:57 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/26 02:17:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110227.003\ENG64.SYS -- (NAVENG)
DRV - [2010/12/13 14:15:07 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/11/22 18:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/08 16:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110225.001\IDSviA64.sys -- (IDSVia64)
DRV - [2008/04/04 18:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\disksec.sys -- (DiskSec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: gamebox@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..keyword.URL: "http://gamebox.my-quick-search.com/search.aspx?srch=ku&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/05 22:46:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/13 08:42:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/12/27 17:01:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 23:09:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 23:09:12 | 000,000,000 | ---D | M]

[2009/12/05 20:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Glen\AppData\Roaming\Mozilla\Extensions
[2011/02/26 18:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions
[2011/02/26 18:22:54 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/02/12 18:01:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/12 15:50:47 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/06/14 18:13:22 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions\gamebox@toolbar
[2010/11/10 08:19:07 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\extensions\smarterwiki@wikiatic.com
[2010/01/01 12:30:17 | 000,009,941 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\searchplugins\mywebsearch.xml
[2010/12/13 16:29:53 | 000,002,464 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\searchplugins\safesearch.xml
[2010/11/05 09:23:24 | 000,001,594 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\hi52wgxi.default\searchplugins\web-search.xml
[2010/12/02 11:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/24 12:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/05 22:46:47 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/12/27 17:01:40 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/13 08:42:36 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN

O1 HOSTS File: ([2009/11/17 15:29:38 | 000,000,049 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3753959016-2994060814-909633021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40267.3482060185 (Update Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/03 09:52:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/27 19:09:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/27 19:06:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/27 19:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/27 19:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/02/27 19:01:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Glen\Desktop\erunt-setup.exe
[2011/02/26 22:01:41 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/02/26 22:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/02/26 22:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/26 18:23:02 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\GARMIN
[2011/02/24 16:38:42 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\poppy
[2011/02/24 16:29:50 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\popcorn child
[2011/02/24 12:34:45 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Malwarebytes
[2011/02/24 12:34:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/24 12:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/24 12:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/24 12:34:26 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/24 12:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/24 12:26:53 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Glen\Desktop\mbam-setup.exe
[2011/02/24 00:27:12 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Creating Natural Environments
[2011/02/23 10:17:54 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Glen\Desktop\OTL.exe
[2011/02/23 08:48:12 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/23 08:48:12 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/23 08:48:12 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/23 08:48:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/22 14:33:19 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\ZB_2011
[2011/02/20 15:48:33 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\NWDA-grs-pck-cgp
[2011/02/15 08:48:40 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegInOut System Utilities
[2011/02/15 08:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegInOut
[2011/02/14 10:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/02/14 10:56:02 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/12 17:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Backup
[2011/02/11 13:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2011/02/11 13:18:46 | 000,000,000 | ---D | C] -- C:\Windows\RegInOut System Utilities
[2011/02/09 23:00:43 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/09 23:00:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/09 23:00:43 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/09 23:00:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/09 23:00:43 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/09 23:00:43 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/09 23:00:43 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/09 23:00:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/09 23:00:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/09 23:00:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/09 23:00:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/09 23:00:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/09 23:00:31 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/09 23:00:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/09 23:00:30 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/09 23:00:30 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/09 23:00:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/09 23:00:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/09 23:00:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/09 23:00:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/09 23:00:28 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/09 23:00:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/09 23:00:28 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/09 23:00:27 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/09 23:00:27 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/09 23:00:25 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/09 23:00:24 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/09 23:00:24 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/09 23:00:23 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/09 23:00:23 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/09 23:00:23 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/09 23:00:23 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/09 23:00:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/09 23:00:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/05 09:57:38 | 000,000,000 | ---D | C] -- C:\Users\Glen\Desktop\Models_to_sell
[2011/02/03 09:55:18 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Setup Machine for Maya 2010
[2011/02/03 09:34:15 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Face Machine for Maya 2011 (64-bit edition)
[2011/02/03 09:27:04 | 000,000,000 | ---D | C] -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Setup Machine for Maya 2010 (64-bit edition)
[2009/05/14 21:02:10 | 003,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\adlmint_libFNP.dll
[2009/05/14 21:02:10 | 003,298,152 | ---- | C] (Autodesk) -- C:\Program Files (x86)\Common Files\adlmint.dll

========== Files - Modified Within 30 Days ==========

[2011/02/27 19:18:29 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 19:18:29 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 19:18:11 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Glen\Desktop\esetsmartinstaller_enu.exe
[2011/02/27 19:10:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/27 19:10:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/27 19:10:22 | 2945,785,855 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/27 19:04:09 | 000,001,106 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/27 19:04:05 | 000,000,907 | ---- | M] () -- C:\Users\Glen\Desktop\ERUNT.lnk
[2011/02/27 19:01:40 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Glen\Desktop\erunt-setup.exe
[2011/02/27 18:41:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/27 18:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3753959016-2994060814-909633021-1000UA.job
[2011/02/27 18:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3753959016-2994060814-909633021-1000Core.job
[2011/02/26 18:22:00 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/26 18:22:00 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/26 18:22:00 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/26 17:45:33 | 001,244,222 | ---- | M] () -- C:\Users\Glen\Desktop\poppy_garment.ZTL
[2011/02/26 17:17:57 | 000,051,828 | ---- | M] () -- C:\Users\Glen\Desktop\garment.obj
[2011/02/26 16:02:02 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGlen.job
[2011/02/26 14:50:04 | 000,352,513 | ---- | M] () -- C:\Users\Glen\Desktop\Boot_lowres.OBJ
[2011/02/26 14:50:04 | 000,000,106 | ---- | M] () -- C:\Users\Glen\Desktop\Boot_lowres.mtl
[2011/02/26 14:48:48 | 025,581,923 | ---- | M] () -- C:\Users\Glen\Desktop\Boot_highres.OBJ
[2011/02/26 14:48:48 | 000,000,107 | ---- | M] () -- C:\Users\Glen\Desktop\Boot_highres.mtl
[2011/02/26 13:41:46 | 001,229,339 | ---- | M] () -- C:\Users\Glen\Desktop\maya.tga
[2011/02/26 11:28:42 | 033,554,664 | ---- | M] () -- C:\Users\Glen\Desktop\poppy_convexity.TIF
[2011/02/26 11:28:37 | 033,554,664 | ---- | M] () -- C:\Users\Glen\Desktop\poppy_occlusion.TIF
[2011/02/26 11:26:35 | 033,554,664 | ---- | M] () -- C:\Users\Glen\Desktop\poppy_normals.TIF
[2011/02/26 11:21:32 | 000,348,756 | ---- | M] () -- C:\Users\Glen\Desktop\Boot_lowriz.OBJ
[2011/02/26 11:21:32 | 000,000,106 | ---- | M] () -- C:\Users\Glen\Desktop\Boot_lowriz.mtl
[2011/02/26 11:20:20 | 103,976,709 | ---- | M] () -- C:\Users\Glen\Desktop\Boot_hiriz.OBJ
[2011/02/26 11:20:20 | 000,000,105 | ---- | M] () -- C:\Users\Glen\Desktop\Boot_hiriz.mtl
[2011/02/26 10:18:36 | 000,039,151 | ---- | M] () -- C:\Users\Glen\Desktop\Hair.tgs
[2011/02/26 10:17:06 | 000,039,151 | ---- | M] () -- C:\Users\Glen\Desktop\Hair.bak
[2011/02/26 08:29:34 | 273,898,873 | ---- | M] () -- C:\Users\Glen\Desktop\Hair_HI.OBJ
[2011/02/26 08:29:34 | 000,000,102 | ---- | M] () -- C:\Users\Glen\Desktop\Hair_HI.mtl
[2011/02/25 22:22:57 | 009,810,963 | ---- | M] () -- C:\Users\Glen\Desktop\BootS_01.ZTL
[2011/02/25 22:20:13 | 002,761,988 | ---- | M] () -- C:\Users\Glen\Desktop\BootS_02.ZTL
[2011/02/25 21:38:18 | 019,938,469 | ---- | M] () -- C:\Users\Glen\Desktop\poppy_hair.ZTL
[2011/02/25 18:58:08 | 000,513,532 | ---- | M] () -- C:\Users\Glen\Desktop\Body.obj
[2011/02/25 18:42:28 | 000,000,099 | ---- | M] () -- C:\Users\Glen\Desktop\Body.mtl
[2011/02/25 17:09:31 | 000,510,091 | ---- | M] () -- C:\Users\Glen\Desktop\Body.ZTL
[2011/02/25 14:19:36 | 000,092,979 | ---- | M] () -- C:\Users\Glen\Desktop\Boot.obj
[2011/02/25 13:16:50 | 000,175,084 | ---- | M] () -- C:\Users\Glen\Desktop\scan0001.jpg
[2011/02/24 12:34:29 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/24 12:27:03 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Glen\Desktop\mbam-setup.exe
[2011/02/23 10:17:55 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Glen\Desktop\OTL.exe
[2011/02/23 10:09:20 | 000,272,572 | ---- | M] () -- C:\Users\Glen\Desktop\Cute_Rabbit.obj
[2011/02/20 13:18:13 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Glen.job
[2011/02/20 08:53:30 | 000,004,418 | ---- | M] () -- C:\Users\Glen\AppData\Roaming\wklnhst.dat
[2011/02/20 08:20:24 | 000,000,455 | ---- | M] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2011/02/12 17:59:31 | 000,000,223 | ---- | M] () -- C:\ProgramData\DEFRAG_HISTORY.xml
[2011/02/12 17:57:39 | 000,000,485 | ---- | M] () -- C:\ProgramData\SERVICES_HISTORY.xml
[2011/02/11 13:03:34 | 000,000,046 | ---- | M] () -- C:\Windows\PCCT.INI
[2011/02/10 09:45:38 | 000,007,606 | ---- | M] () -- C:\Users\Glen\AppData\Local\Resmon.ResmonCfg
[2011/02/10 09:31:11 | 003,021,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/03 09:55:18 | 000,108,313 | ---- | M] () -- C:\Windows\The Setup Machine for Maya 2010 Uninstaller.exe
[2011/02/03 09:50:16 | 000,002,086 | ---- | M] () -- C:\Users\Glen\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2010.lnk
[2011/02/03 09:34:15 | 000,128,324 | ---- | M] () -- C:\Windows\The Face Machine for Maya 2011 (64-bit edition) Uninstaller.exe
[2011/02/03 09:27:04 | 000,107,344 | ---- | M] () -- C:\Windows\The Setup Machine for Maya 2010 (64-bit edition) Uninstaller.exe
[2011/01/31 11:01:01 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2011/02/27 19:04:09 | 000,001,106 | ---- | C] () -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/27 19:04:05 | 000,000,907 | ---- | C] () -- C:\Users\Glen\Desktop\ERUNT.lnk
[2011/02/26 17:27:21 | 001,244,222 | ---- | C] () -- C:\Users\Glen\Desktop\poppy_garment.ZTL
[2011/02/26 14:50:04 | 000,352,513 | ---- | C] () -- C:\Users\Glen\Desktop\Boot_lowres.OBJ
[2011/02/26 14:50:04 | 000,000,106 | ---- | C] () -- C:\Users\Glen\Desktop\Boot_lowres.mtl
[2011/02/26 14:48:48 | 000,000,107 | ---- | C] () -- C:\Users\Glen\Desktop\Boot_highres.mtl
[2011/02/26 14:48:47 | 025,581,923 | ---- | C] () -- C:\Users\Glen\Desktop\Boot_highres.OBJ
[2011/02/26 13:41:46 | 001,229,339 | ---- | C] () -- C:\Users\Glen\Desktop\maya.tga
[2011/02/26 11:28:42 | 033,554,664 | ---- | C] () -- C:\Users\Glen\Desktop\poppy_convexity.TIF
[2011/02/26 11:28:36 | 033,554,664 | ---- | C] () -- C:\Users\Glen\Desktop\poppy_occlusion.TIF
[2011/02/26 11:26:34 | 033,554,664 | ---- | C] () -- C:\Users\Glen\Desktop\poppy_normals.TIF
[2011/02/26 11:21:32 | 000,348,756 | ---- | C] () -- C:\Users\Glen\Desktop\Boot_lowriz.OBJ
[2011/02/26 11:21:32 | 000,000,106 | ---- | C] () -- C:\Users\Glen\Desktop\Boot_lowriz.mtl
[2011/02/26 11:20:20 | 000,000,105 | ---- | C] () -- C:\Users\Glen\Desktop\Boot_hiriz.mtl
[2011/02/26 11:20:13 | 103,976,709 | ---- | C] () -- C:\Users\Glen\Desktop\Boot_hiriz.OBJ
[2011/02/26 11:10:35 | 000,051,828 | ---- | C] () -- C:\Users\Glen\Desktop\garment.obj
[2011/02/26 08:32:43 | 000,039,151 | ---- | C] () -- C:\Users\Glen\Desktop\Hair.bak
[2011/02/26 08:32:27 | 000,039,151 | ---- | C] () -- C:\Users\Glen\Desktop\Hair.tgs
[2011/02/26 08:29:34 | 000,000,102 | ---- | C] () -- C:\Users\Glen\Desktop\Hair_HI.mtl
[2011/02/26 08:29:18 | 273,898,873 | ---- | C] () -- C:\Users\Glen\Desktop\Hair_HI.OBJ
[2011/02/25 20:35:55 | 019,938,469 | ---- | C] () -- C:\Users\Glen\Desktop\poppy_hair.ZTL
[2011/02/25 18:41:48 | 000,000,099 | ---- | C] () -- C:\Users\Glen\Desktop\Body.mtl
[2011/02/25 17:56:23 | 002,761,988 | ---- | C] () -- C:\Users\Glen\Desktop\BootS_02.ZTL
[2011/02/25 17:56:11 | 009,810,963 | ---- | C] () -- C:\Users\Glen\Desktop\BootS_01.ZTL
[2011/02/25 17:09:31 | 000,510,091 | ---- | C] () -- C:\Users\Glen\Desktop\Body.ZTL
[2011/02/25 14:19:54 | 000,513,532 | ---- | C] () -- C:\Users\Glen\Desktop\Body.obj
[2011/02/25 14:19:36 | 000,092,979 | ---- | C] () -- C:\Users\Glen\Desktop\Boot.obj
[2011/02/25 13:16:31 | 000,175,084 | ---- | C] () -- C:\Users\Glen\Desktop\scan0001.jpg
[2011/02/24 12:34:29 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/23 10:09:20 | 000,272,572 | ---- | C] () -- C:\Users\Glen\Desktop\Cute_Rabbit.obj
[2011/02/12 17:59:31 | 000,000,223 | ---- | C] () -- C:\ProgramData\DEFRAG_HISTORY.xml
[2011/02/12 17:57:39 | 000,000,485 | ---- | C] () -- C:\ProgramData\SERVICES_HISTORY.xml
[2011/02/12 17:40:42 | 000,000,455 | ---- | C] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2011/02/11 13:18:48 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Glen.job
[2011/02/10 09:45:38 | 000,007,606 | ---- | C] () -- C:\Users\Glen\AppData\Local\Resmon.ResmonCfg
[2011/02/03 09:55:18 | 000,108,313 | ---- | C] () -- C:\Windows\The Setup Machine for Maya 2010 Uninstaller.exe
[2011/02/03 09:50:16 | 000,002,086 | ---- | C] () -- C:\Users\Glen\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2010.lnk
[2011/02/03 09:34:15 | 000,128,324 | ---- | C] () -- C:\Windows\The Face Machine for Maya 2011 (64-bit edition) Uninstaller.exe
[2011/02/03 09:27:04 | 000,107,344 | ---- | C] () -- C:\Windows\The Setup Machine for Maya 2010 (64-bit edition) Uninstaller.exe
[2010/12/02 11:23:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/10 09:55:27 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/08/14 09:49:39 | 000,000,046 | ---- | C] () -- C:\Windows\PCCT.INI
[2010/07/05 14:43:34 | 003,200,512 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/04/14 20:05:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/03/29 13:13:08 | 000,003,584 | ---- | C] () -- C:\Users\Glen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 08:57:18 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
[2009/12/10 14:31:05 | 000,007,476 | ---- | C] () -- C:\Program Files (x86)\KLF2.5GPU.log
[2009/12/04 19:54:44 | 000,004,418 | ---- | C] () -- C:\Users\Glen\AppData\Roaming\wklnhst.dat
[2009/12/03 12:13:02 | 000,001,985 | ---- | C] () -- C:\Program Files (x86)\trapcodeShine.log
[2009/11/24 17:43:50 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/24 17:43:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/11/24 17:43:40 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009/11/24 17:43:40 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/11/24 17:43:40 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/11/24 17:43:40 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/11/24 17:43:40 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/11/24 17:43:40 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/11/24 17:43:40 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/11/24 17:43:40 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/11/24 17:43:40 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/11/24 17:43:40 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/11/24 17:43:40 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/11/24 17:43:40 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/11/24 17:43:40 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/11/24 17:43:40 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/11/24 17:43:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009/11/24 17:43:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/25 14:23:36 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2009/02/18 16:55:39 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2007/07/12 11:51:25 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\RGSGrowBounds.aex
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006/06/13 09:12:40 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\winOGL.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 921 bytes -> C:\Users\Glen\AppData\Local\Temp:jbqjGuQvvU1OD8asfj0Uds0kl
@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


I'm actually doing some 3D stuff so my desktop is messy. :) I'll post the scan when it's done.

gvic.

#9 glvic

Posted 27 February 2011 - 10:38 PM

Here is the scan file...
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined



It took a little while to scan but it's finally finished.



#10 etavares

Posted 28 February 2011 - 06:38 PM

OK, some remnants from before, but nothing too serious. Has your computer frozen lately?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#11 glvic

Posted 28 February 2011 - 08:18 PM

Yes, it did, today in fact... :(

#12 etavares

Posted 01 March 2011 - 06:40 PM

Hello, glvic.

Let's take a slightly deeper look for malware. If freezing is the only symptom, it's likely not malware but I want to fully rule it out.

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


 


#13 glvic

Posted 02 March 2011 - 06:45 PM

Here you go etavares...


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: AW020AV-ABA e9280t
Logical Drives Mask: 0x000007dc

Kernel Drivers (total 194):

Processes (total 62):
0 System Idle Process
4 System
372 C:\Windows\System32\smss.exe
460 csrss.exe
512 C:\Windows\System32\wininit.exe
532 csrss.exe
572 C:\Windows\System32\winlogon.exe
624 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\atiesrxx.exe
992 C:\Windows\System32\svchost.exe
152 C:\Windows\System32\svchost.exe
392 C:\Windows\System32\svchost.exe
704 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1036 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\atieclxx.exe
1152 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\spoolsv.exe
1356 C:\Windows\System32\svchost.exe
1480 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1552 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1588 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
1724 C:\Windows\System32\taskhost.exe
1896 C:\Windows\System32\dwm.exe
1928 C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
1936 C:\Windows\explorer.exe
1832 C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
2044 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
980 C:\Users\Glen\AppData\Roaming\Dropbox\bin\Dropbox.exe
916 C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
988 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2068 C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
2148 C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
2264 C:\Windows\System32\VSSVC.exe
2320 C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
2360 C:\Windows\System32\svchost.exe
2408 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2512 C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
2572 C:\Windows\System32\SearchIndexer.exe
2680 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1772 WUDFHost.exe
3224 C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
3532 C:\Windows\System32\taskeng.exe
3576 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
3640 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
3736 C:\Program Files\iPod\bin\iPodService.exe
3956 C:\Windows\System32\svchost.exe
3132 C:\Windows\System32\SearchProtocolHost.exe
5056 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
300 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
4364 C:\Windows\System32\svchost.exe
4488 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3196 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3036 C:\Windows\System32\SearchFilterHost.exe
2204 C:\Windows\System32\audiodg.exe
5108 dllhost.exe
4640 dllhost.exe
4808 C:\Users\Glen\Desktop\MBRCheck.exe
2956 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000091`dac00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-65A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: A917F358EAD540EE3007E4250D4F504EE1EF6745


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


gvic.

#14 etavares

Posted 02 March 2011 - 07:24 PM

OK, it's 'unknown'. Not 'bad'. That can mean it's completely fine, or that something is very odd. Do you have a dual boot system at all? (e.g. two versions of Windows, Linux, etc.?)

Let's dump it to check.

First, please run MBRCheck again. When prompted to "Enter 'Y' and hit ENTER for more options, or 'N' to exit:", please type Y and press Enter.

Then, select 1 and press Enter to dump the MBR to a file. When prompted, call it mbrdump.dat and press Enter. At the next prompt, type -1 as prompted and press Enter to exit.

You'll have to ZIP the dump.dat file to attach it here. Please ZIP it and attach it and I'll take a quick look at it to ensure it's clean.


 


#15 glvic

Posted 03 March 2011 - 06:07 PM

It's saying, "Out of Memory!" in blue. How do I fix that?



