Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't run .exe files

Started by betctru , Jul 26 2011 09:46 AM

  • This topic is locked This topic is locked

#1
betctru
Posted 26 July 2011 - 09:46 AM

betctru

    Member

  • Member
  • PipPip
  • 63 posts
I have a Dell Windows XP system. After booting up this morning, I cannot get .exe files to run.

Whenever I try to run a .exe file I get a message that says "Choose the program you want to use to open this file" and lists the programs it can run.

Please help! Thanks!

(If I select a program from the list it shows, that program will run, by the way, and try to read the original .exe file that I clicked on.

And if I doubleclick on a Word document, it opens Word. It's just the shortcuts that lead to the .exe files and the actual .exe files that don't open....

Can't run any of my virus scan software because of this.

Betsy
  • 0

Advertisements

#2
Essexboy
Posted 26 July 2011 - 11:35 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Betsy lets try this

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
Essexboy
Posted 31 July 2011 - 03:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
Essexboy
Posted 06 September 2011 - 11:19 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned :)
  • 0

#5
betctru
Posted 06 September 2011 - 11:27 AM

betctru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Thanks, Essexboy, for the prompt response and for reopening my topic!

I downloaded Roguekiller to my desktop and tried to execute it, but I keep getting a window that asks me which program I want to use to open the file. :)

So I'm stalled there...what now?

Thanks.

Betsy
  • 0

#6
Essexboy
Posted 06 September 2011 - 11:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you try that in safe mode

Reboot the computer and continually press F8 and a menu should come up offering the safe mode option

If that fails could you burn a CD on another computer ?
  • 0

#7
betctru
Posted 06 September 2011 - 11:50 AM

betctru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
I'm running it in Safe mode with networking.

When I originally posted this, I could have moved to another computer to burn a CD...but the day after I got back from travelling, someone kicked open our front door and stole both my laptops....

Note that if I double-click on .PDF, .doc or .html files, the correct app opens. Also one of my email programs runs from the bottom status bar of Windows XP. But most other things, I get the same response to trying to open it--it asks me which program to use. Also, if I try to go to the Control panel, or windows help & support, it tells me it cannot find the file.

Betsy
  • 0

#8
Essexboy
Posted 06 September 2011 - 12:20 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets be a tad sneaky then

Download this different copy of OTL it will come down as an apparent screensvaer doule click it and let me know if it runs

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#9
betctru
Posted 06 September 2011 - 12:37 PM

betctru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
That seemed to work...scan is running now. Will update with info when it's done.

Thanks.

Betsy
  • 0

#10
Essexboy
Posted 06 September 2011 - 12:43 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sneaky is as sneaky does :)
  • 0

Advertisements

#11
betctru
Posted 06 September 2011 - 12:50 PM

betctru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Here are the two logs. (Notepad didn't open automatically, but the two files were on the desktop and opened in Notepad when doubleclicked.)

Here's OTL.Txt:

OTL logfile created on: 9/6/2011 2:30:19 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Betsy True\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 590.63 Mb Available Physical Memory | 57.79% Memory free
2.40 Gb Paging File | 2.15 Gb Available in Paging File | 89.42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.21 Gb Total Space | 62.31 Gb Free Space | 43.20% Space Free | Partition Type: NTFS

Computer Name: DELLA | User Name: Betsy True | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/06 14:27:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betsy True\Desktop\OTL.scr
PRC - [2011/07/25 11:38:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
PRC - [2011/07/25 11:38:39 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
PRC - [2010/06/22 11:07:52 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/26 23:39:50 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko6.dll
MOD - [2011/07/25 11:38:41 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\mozjs.dll
MOD - [2011/05/26 10:41:03 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/04/03 21:13:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2004/08/10 07:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus®
SRV - [2011/07/29 10:55:56 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2011/07/14 20:54:57 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/14 20:54:13 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/24 10:14:33 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/23 09:35:44 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/22 11:08:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 11:07:58 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/06/30 16:49:06 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/07/11 17:25:20 | 000,025,640 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/09 15:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/25 09:18:10 | 000,069,120 | ---- | M] (element5) [On_Demand | Stopped] -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD)
SRV - [2005/09/04 07:14:08 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/25 09:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2003/12/04 16:21:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2002/03/15 16:37:46 | 000,081,920 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/14 20:54:19 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/05/05 11:41:13 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/06/22 11:08:00 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/06/22 11:08:00 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/06/22 11:08:00 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/06/22 11:08:00 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/06/22 11:07:54 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/01 10:16:08 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 19:22:11 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/10/26 10:28:45 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/10/26 10:28:45 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/03/02 04:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008/03/02 04:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2007/08/20 18:05:27 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/04/02 15:33:04 | 000,217,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\MobiCap.sys -- (MobiCap)
DRV - [2006/11/29 01:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/08/17 16:04:18 | 000,010,752 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETGEARUHOST.sys -- (NETGEARUHOST)
DRV - [2006/08/17 16:04:12 | 000,037,120 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETGEARUHUB.sys -- (NETGEARUHUB)
DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/10/20 17:48:03 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/20 18:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 18:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005/06/17 11:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/04/15 03:14:58 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/02 16:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/10 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/06/09 18:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 14:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 14:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/09/19 17:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/29 05:00:56 | 000,014,336 | R--- | M] (Linksys Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BEFCM3XP.sys -- (BEFCMV3XP)
DRV - [2002/11/08 20:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/05/28 11:37:26 | 000,018,458 | R--- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Adpusbst.sys -- (ADPUSBMS)
DRV - [2002/05/28 11:37:25 | 000,027,472 | R--- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Adpusbld.sys -- (ADPUSBLD)
DRV - [2002/02/07 03:41:24 | 000,033,991 | R--- | M] (Viking Sewing Machines AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RWSE.sys -- (RWSE)
DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1997/11/26 06:32:18 | 000,041,984 | ---- | M] (Husqvarna Sewing Machines AB) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\SEMLPT.SYS -- (SemLPT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kindleboards.com/
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.swagbucks.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.5.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.5.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6984
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\PROGRA~1\Mozilla Firefox\plugins\ [2011/07/28 20:45:38 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Betsy True\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Betsy True\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2008/01/03 09:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/05/09 17:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/01 11:02:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/28 20:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 20:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/07/25 11:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2010/01/09 14:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Extensions
[2011/09/06 14:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions
[2010/07/15 23:56:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/20 17:11:07 | 000,000,000 | ---D | M] (Billeo) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
[2011/06/24 15:05:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/06 14:28:55 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/06/29 18:23:08 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/09/06 14:28:54 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\[email protected]
[2010/01/09 14:14:15 | 000,000,000 | ---D | M] (Friendbar) -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\extensions\[email protected]
[2010/10/06 08:24:10 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\bing.xml
[2010/01/09 14:14:23 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\google-search-for-friendbar-toolbar.xml
[2011/04/15 23:17:23 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\MyStart Search.xml
[2010/01/09 14:14:22 | 000,001,192 | ---- | M] () -- C:\Documents and Settings\Betsy True\Application Data\Mozilla\Firefox\Profiles\nuj11eia.default\searchplugins\twitter-search.xml
[2011/04/07 10:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 09:59:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/13 18:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/04/23 08:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2009/04/01 21:10:21 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/11/13 18:22:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/01/04 18:21:46 | 000,019,104 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2008/01/04 18:21:46 | 000,105,632 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2008/01/04 18:21:43 | 000,057,504 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2003/10/02 14:44:00 | 000,142,848 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npcpbrk7.dll
[2010/11/13 18:22:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/04/28 16:13:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2008/01/08 22:37:18 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Billeo) - {465E08E7-F005-4389-980F-1D8764B3486C} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPag0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Nuance PDF Professional 6-reminder] C:\Program Files\Nuance\PDF Professional 6\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PS121v2] C:\Program Files\NETGEAR\PS121v2\PS121v2.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] File not found
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [alarm.exe] C:\Program Files\Chaos Software\Intellect\alarm.exe (Chaos Software Group, Inc.)
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [EasyDeskTicker] C:\Program Files\EasyDeskTicker\easydeskticker.exe ()
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [Livestation] File not found
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [Philips Intelligent Agent] File not found
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [PrinterProDesktop] C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe (Readdle)
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\Run: [updateMgr] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk = C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billeo.lnk = C:\Program Files\Billeo\billeo.exe (Billeo, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\!ntellect.lnk = C:\Program Files\Chaos Software\Intellect\Intellect.exe (Chaos Software Group, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\DigiDay Clock.lnk = C:\DigiDay\dd_clock.exe (Vision X Software, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\DigiDay Reminder.lnk = C:\DigiDay\dd_rem.exe ()
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Betsy True\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe ()
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe ()
O4 - Startup: C:\Documents and Settings\Betsy True\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 6.0 - C:\Program Files\Nuance\PDF Professional 6\cnvres_eng.dll ()
O8 - Extra context menu item: Open with PDF Professional 6 - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Subscribe with RSSRadio - c:\program files\dorada software\rssradio\subscribe.htm ()
O9 - Extra Button: Movies Extractor Scout - {02659636-B21B-4665-97E2-38733FDDEE53} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract.exe ()
O9 - Extra Button: Bytescout SWF To Video Scout - {282D81E2-F254-4F7B-A533-0B7435EF7BBF} - C:\Program Files\Bytescout SWF To Video Scout\flashextract.exe (Bytescout)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.micros.../i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://symantec.atgn...oad/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} http://symantec.atgn...wnload/ssrc.cab (SupportSoft RemoteControl Class)
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} http://symantec.atgn...d/sprtctlln.cab (SupportSoft Listener Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (HouseCall Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.aka...vex-2.2.1.0.cab (DownloadManager Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1219884559546 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6F03AEF-DCBD-42B0-A41E-82D98324842B}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Program Files\ScreenThemes\data\Betsy True\ScreenThemes.bmp
O24 - Desktop BackupWallPaper: C:\Program Files\ScreenThemes\data\Betsy True\ScreenThemes.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/01 23:24:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..exefile [open] -- "C:\Documents and Settings\Betsy True\Local Settings\Application Data\tru.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\...exe [@ = exefile] -- "C:\Documents and Settings\Betsy True\Local Settings\Application Data\tru.exe" -a "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/09/06 14:27:18 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Betsy True\Desktop\OTL.scr
[2011/09/06 13:00:16 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Betsy True\Desktop\HousecallLauncher.exe
[2008/03/31 15:54:57 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/08/17 02:54:50 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/09/06 14:29:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/06 14:27:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betsy True\Desktop\OTL.scr
[2011/09/06 13:07:05 | 000,570,368 | ---- | M] () -- C:\Documents and Settings\Betsy True\Desktop\RogueKiller.exe
[2011/09/06 13:00:17 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Betsy True\Desktop\HousecallLauncher.exe
[2011/09/06 12:50:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/06 12:49:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

========== Files Created - No Company Name ==========

[2011/09/06 13:07:05 | 000,570,368 | ---- | C] () -- C:\Documents and Settings\Betsy True\Desktop\RogueKiller.exe
[2011/07/26 11:50:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/25 20:01:09 | 000,008,834 | -HS- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\255fm0en288l
[2011/07/25 20:01:09 | 000,008,834 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\255fm0en288l
[2010/01/16 11:51:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\prvlcl.dat
[2010/01/07 16:20:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/01/06 13:32:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\housecall.guid.cache
[2010/01/06 08:18:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2005.ini
[2009/10/05 10:55:35 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/06/08 09:44:34 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/04/14 16:58:44 | 000,002,281 | ---- | C] () -- C:\WINDOWS\ips.INI
[2008/09/29 16:43:24 | 000,082,868 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/25 10:30:27 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8735126C49.sys
[2008/06/25 10:30:26 | 000,003,350 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/05/17 21:19:35 | 000,000,075 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/04 18:22:03 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/01/01 14:43:44 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/01 14:43:33 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/01 14:43:33 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/01 14:43:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/24 11:11:42 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/07 21:22:18 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\zshp1018.exe
[2007/11/07 21:22:18 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2007/10/09 21:41:54 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\favSellers.awt
[2007/07/30 08:34:19 | 000,023,254 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\closedList.awt
[2007/07/30 08:34:19 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\openList.awt
[2007/06/26 20:02:37 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/06/12 20:29:06 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007/05/03 13:54:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4O.DLL
[2007/04/16 23:38:25 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/03/21 15:29:24 | 000,400,782 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\fontlst2.opf
[2007/03/09 03:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 05:14:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/01/07 01:03:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRTSERV.dll
[2006/11/01 08:57:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/10/28 10:21:16 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\WavCodec.wff
[2006/10/24 08:33:01 | 000,000,779 | ---- | C] () -- C:\WINDOWS\GUEmap.INI
[2006/10/23 08:39:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2006/09/25 09:39:11 | 000,000,074 | -H-- | C] () -- C:\WINDOWS\sysdws.dat
[2006/07/26 08:43:07 | 000,000,072 | ---- | C] () -- C:\WINDOWS\mOceanSync.ini
[2006/06/09 21:22:23 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI
[2006/06/02 18:15:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/05/24 13:37:27 | 000,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006/05/24 10:40:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2006/05/14 10:32:12 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/05/05 08:51:18 | 001,895,026 | ---- | C] () -- C:\WINDOWS\System32\nowutils.dll
[2006/05/05 08:49:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\zipexe_r.exe
[2006/05/04 12:28:24 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\hpi_scsi.dll
[2006/05/04 12:28:21 | 000,004,176 | ---- | C] () -- C:\WINDOWS\System32\Hpi_icon.dll
[2006/04/21 12:37:41 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/04/21 12:37:41 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[2006/04/10 13:56:16 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/02/24 04:41:59 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 04:41:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 12:36:20 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 12:36:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 12:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2006/01/29 12:47:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/26 08:51:56 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\nlame.dll
[2006/01/22 23:55:18 | 000,000,139 | ---- | C] () -- C:\WINDOWS\LODERUNN.INI
[2005/12/28 09:53:53 | 000,000,293 | ---- | C] () -- C:\WINDOWS\SerMagic.ini
[2005/11/21 11:34:25 | 000,022,635 | ---- | C] () -- C:\Documents and Settings\Betsy True\Application Data\Comma Separated Values (Windows).ADR
[2005/11/15 00:08:44 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2005/11/11 22:28:45 | 000,001,782 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/03 20:33:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/10/24 12:13:58 | 000,066,560 | RHS- | C] () -- C:\WINDOWS\MOTA113.exe
[2005/10/22 21:19:41 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CmdFile.INI
[2005/10/20 19:32:02 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/10/20 17:47:29 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2005/10/20 17:47:28 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2005/10/20 17:47:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdduinst.exe
[2005/10/13 22:27:00 | 000,422,400 | RHS- | C] () -- C:\WINDOWS\x2.64.exe
[2005/10/12 21:20:39 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/07 10:47:46 | 000,035,808 | ---- | C] () -- C:\WINDOWS\overlay.bin
[2005/10/01 21:08:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/10/01 20:47:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/09/30 10:07:45 | 000,132,608 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/25 08:05:31 | 000,000,534 | ---- | C] () -- C:\WINDOWS\scthemes.ini
[2005/09/09 09:32:30 | 000,001,126 | ---- | C] () -- C:\WINDOWS\DD_CLOCK.INI
[2005/09/08 16:08:42 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2005HH.ini
[2005/09/08 13:46:17 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2005/09/08 13:46:12 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2005/09/02 11:05:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Isb.dll
[2005/09/02 10:56:59 | 000,000,014 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2005/09/02 10:47:00 | 000,027,801 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2005/09/02 10:47:00 | 000,007,765 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2005/08/29 23:48:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/08/29 23:48:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/08/29 20:29:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/08/29 17:19:24 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2005/08/24 21:30:36 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/08/24 21:28:48 | 000,002,879 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/24 18:36:01 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/08/24 18:35:56 | 000,005,173 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/08/24 09:11:45 | 003,785,550 | -H-- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\BackupIconCache.db
[2005/08/24 09:11:45 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\fusioncache.dat
[2005/08/17 03:34:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 03:23:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/17 03:20:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/17 03:17:41 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/08/17 03:17:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/08/17 03:17:32 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/08/17 03:17:32 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/17 03:17:26 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/17 02:55:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\System32\dlbuplc.ini
[2005/08/17 02:54:52 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/08/17 02:54:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/08/17 02:54:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/08/17 02:54:36 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/17 02:54:08 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/05/13 18:12:00 | 000,217,073 | RHS- | C] () -- C:\WINDOWS\meta4.exe
[2005/05/04 20:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/02/28 14:16:22 | 000,240,128 | RHS- | C] () -- C:\WINDOWS\System32\x.264.exe
[2004/11/18 16:43:03 | 004,902,912 | ---- | C] () -- C:\WINDOWS\System32\qt-mt332.dll
[2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/19 17:20:39 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 17:03:04 | 000,034,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 16:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:57:07 | 000,391,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 16:49:47 | 000,562,050 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 16:49:47 | 000,122,090 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 16:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pglyx2x.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/19 16:49:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/19 16:49:36 | 000,000,339 | ---- | C] () -- C:\WINDOWS\System32\wgv7azl.dll
[2004/08/19 16:49:36 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/19 16:49:36 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/19 16:49:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\uh8zwc0.dll
[2004/08/19 16:49:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\itb7ycx.dll
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/06/30 15:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/03/07 13:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1996/10/14 02:38:00 | 000,001,266 | ---- | C] () -- C:\WINDOWS\System32\syswltag.bin
[1899/12/31 20:30:49 | 000,000,111 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[1617/11/08 20:57:57 | 000,003,120 | ---- | C] () -- C:\WINDOWS\JEQDOI.ini

========== LOP Check ==========

[2009/04/22 21:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/12/23 01:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/07 07:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/05/07 07:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/05/03 21:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009/08/23 06:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/01/28 21:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons Family Resort
[2010/09/12 13:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/26 10:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/04/23 13:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\billeo
[2007/05/03 13:54:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/04/18 16:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chaos Software
[2011/03/14 12:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/08/06 08:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2009/08/28 23:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2006/09/25 09:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2006/09/25 15:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/22 16:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/06/12 22:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/08/23 07:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2005/10/13 17:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/05/21 10:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/05/21 10:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/07/29 10:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/10/28 08:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/07/22 01:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/12/26 13:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2008/12/18 19:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/22 07:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/01/28 08:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft(2)
[2006/10/30 14:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/05/18 15:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/26 08:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/27 17:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Journal
[2006/10/22 21:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/01/11 15:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2009/06/13 08:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/09 15:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2009/03/19 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/05/16 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/05/03 22:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/04/02 13:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/18 10:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/24 11:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/08 09:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A8FB99CB-780B-4CA6-A91A-964EDA9D25C0}
[2009/06/08 09:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
[2009/04/22 22:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\85d0f5e61a0389c28fdeaec7f07d80fa.8A83BD0BE459142F50C111755484E359D8DBFFF2.1
[2009/04/22 21:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\acccore
[2006/11/30 00:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\ACD Systems
[2010/07/14 10:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Amazon
[2009/01/28 21:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Ashtons Family Resort
[2010/07/29 18:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\AVG9
[2006/11/26 00:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Beep Industries
[2008/01/01 13:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Bytescout SWF To Video Scout
[2009/04/22 21:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\c8dbe8efd4647dc2bc71ac80461b8677.8A83BD0BE459142F50C111755484E359D8DBFFF2.1
[2011/08/03 21:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Chaos Software
[2006/11/10 08:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\CNN
[2010/07/15 13:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/15 17:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/07/26 08:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Dropbox
[2011/07/26 09:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\EasyDeskTicker
[2006/07/19 16:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\eFax Messenger
[2010/10/18 11:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\EurekaLog
[2008/03/31 16:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Eyeblaster
[2009/08/22 16:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Flood Light Games
[2009/01/29 23:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Friday's games
[2008/04/08 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\funkitron
[2009/08/22 20:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\GameHousev1001
[2010/05/27 11:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\GARMIN
[2009/06/06 23:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\GetRightToGo
[2007/12/14 21:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Helios
[2005/10/13 17:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\HotSync
[2009/04/08 17:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\HouseCall 6.6
[2008/03/31 22:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Jane s Hotel Family Hero
[2005/08/25 18:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Leadertech
[2008/12/11 22:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Livestation
[2008/04/25 01:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Mobipocket
[2008/01/01 12:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Movies Extractor Scout
[2008/08/15 16:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Musicmatch
[2010/01/22 15:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\MyPublisher
[2006/12/25 08:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\NCH Swift Sound
[2006/05/12 08:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Now Software
[2009/11/27 16:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Nuance
[2008/03/20 07:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\OfficeUpdate12
[2010/12/31 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Opera
[2008/05/17 13:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\OverDrive
[2007/12/18 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\PDM
[2008/12/18 19:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\PlayFirst
[2008/12/17 17:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Pogo Games
[2010/09/02 17:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\PriceGong
[2006/03/31 16:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Qumana
[2006/10/28 08:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\RecordPad
[2005/11/10 08:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\RSSRadio
[2006/05/16 13:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\ScanSoft
[2009/07/14 18:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Stamps.com Internet Postage
[2008/01/05 18:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Super-Cow
[2009/04/29 06:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2006/10/22 21:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Ulead Systems
[2009/05/03 22:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\URSE Games
[2009/10/23 09:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Viewpoint
[2005/10/01 21:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Wildfire
[2009/06/01 22:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\YoudaGames
[2006/05/16 13:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Zeon
[2006/01/28 08:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\Zeon(2)
[2010/03/26 10:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[2011/07/29 10:57:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1125673024.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

========== Files - Unicode (All) ==========
[2010/01/31 11:52:08 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?È) -- C:\WINDOWS\System32\縀È
[2010/01/31 11:52:08 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?È) -- C:\WINDOWS\System32\縀È
[2010/01/30 13:15:38 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ
[2010/01/30 13:15:38 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ
[2010/01/29 12:49:22 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ȵ
[2010/01/29 12:49:22 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ȵ
[2010/01/18 13:05:19 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?À) -- C:\WINDOWS\System32\┈À
[2010/01/18 13:05:19 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?À) -- C:\WINDOWS\System32\┈À
[2010/01/07 13:36:45 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㓐•
[2010/01/07 13:36:45 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\㓐•
[2009/12/29 15:31:57 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Å) -- C:\WINDOWS\System32\᜘Å
[2009/12/29 15:31:57 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Å) -- C:\WINDOWS\System32\᜘Å
[2009/12/23 12:38:01 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\䋨˜
[2009/12/23 12:38:01 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\䋨˜
[2009/12/16 17:15:14 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Ï) -- C:\WINDOWS\System32\您Ï
[2009/12/16 17:15:14 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Ï) -- C:\WINDOWS\System32\您Ï
[2009/12/11 21:04:41 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?¿) -- C:\WINDOWS\System32\硨¿
[2009/12/11 21:04:41 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?¿) -- C:\WINDOWS\System32\硨¿
[2009/12/09 13:07:58 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?£) -- C:\WINDOWS\System32\钘£
[2009/12/09 13:07:58 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?£) -- C:\WINDOWS\System32\钘£
[2009/12/08 13:11:33 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\葀ɞ
[2009/12/08 13:11:33 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\葀ɞ
[2009/11/19 11:38:57 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\짰›
[2009/11/19 11:38:57 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\짰›
[2009/10/29 16:08:22 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?£) -- C:\WINDOWS\System32\⋘£
[2009/10/29 16:08:22 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?£) -- C:\WINDOWS\System32\⋘£

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E55808C
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:527B6DAD
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C1D7085
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52562F72
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:182D85B1

< End of report >



Here's Extras.Txt:

OTL Extras logfile created on: 9/6/2011 2:30:19 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Betsy True\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 590.63 Mb Available Physical Memory | 57.79% Memory free
2.40 Gb Paging File | 2.15 Gb Available in Paging File | 89.42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.21 Gb Total Space | 62.31 Gb Free Space | 43.20% Space Free | Partition Type: NTFS

Computer Name: DELLA | User Name: Betsy True | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

[HKEY_USERS\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\Betsy True\Local Settings\Application Data\tru.exe" -a "%1" %*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"33300:TCP" = 33300:TCP:*:Enabled:PrinterProDesktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Documents and Settings\Betsy True\Local Settings\Temporary Internet Files\Content.IE5\A5RS5L4W\incredimail_install[1].exe" = C:\Documents and Settings\Betsy True\Local Settings\Temporary Internet Files\Content.IE5\A5RS5L4W\incredimail_install[1].exe:*:Enabled:IncrediMail Installer
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImPackr.exe" = C:\Program Files\IncrediMail\bin\ImPackr.exe:*:Enabled:IncrediMail -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Enabled:Adobe Photoshop Elements Media Server
"C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe" = C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Documents and Settings\Betsy True\Local Settings\Temp\ImInstaller\incredimail_installer.exe" = C:\Documents and Settings\Betsy True\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"!ntellect" = !ntellect
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02ED27A2-8C9B-467B-A219-808F87AD5C7F}" = Weight Watchers On-the-Go
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05ACE89B-B7D7-43DC-A3EF-E82F0E92BD9D}" = Google Desktop Plugins - Workspaces
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = MacromediaDreamweaver MX 2004
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1384D2E8-66F2-4FB0-9F54-15541758B88A}" = CVista PdfCompressor 3.0 DeskTop Edition
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{381E560A-2C88-4C0B-BF37-28A4AEC74340}" = 3D Embroidery System 7.2 Upgrade
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3DCFDB8E-6649-25D8-86B2-0C041B0B7EFE}" = MoonWidget
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{451B332F-E2A7-4F69-B1ED-99C99BDB9C2F}" = NETGEAR PS121v2
"{4690FF2D-4FC5-4592-8C67-7C75CE9C824F}" = 3D Embroidery 7.2 Documentation Update
"{4844E5E2-90E5-4D68-A696-B211C1FAB515}" = SerialMagic Plus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA6A2DF-A805-4E40-95A9-CC8FE86DC742}" = EQ5
"{51D7C617-0F0A-4E91-90E1-EFEC0E373868}" = Handheld Birds
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56316400-A99C-4BD6-A50F-20977BBE4A22}" = PDA Photo
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{65FA5E6D-B3D7-46D9-9571-CBBA1968346B}" = FileMaker Pro 7
"{67878E2E-9A34-4374-8F07-A40714B06296}" = BigOven Palm Companion
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D48C9ED-1CD9-430A-ABAB-3DA282BC4B8D}" = RSSRadio
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7D25A304-C82D-41C3-85A8-3BEF84E04887}" = Garmin WebUpdater
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E545666-F420-45FD-B3DF-C0B99A1A579F}" = QuickBooks Simple Start Edition
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = HP Photo and Imaging 1.0 - PSC 2000 Series
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{901C0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{9243EE6A-4288-47DE-8DA3-9E4A6946E421}" = Google Desktop Plugin - Currency Quotes
"{9815CC20-0ED5-44E6-A0C4-4D0DD8A64B77}" = LiveRSS Gadget
"{9869D4DD-D553-40D3-8859-F8911D406C69}" = Ulead DVD Workshop 2
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B02DB6-F7BD-16B5-10F2-584333CDD70A}" = TweetDeck
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02
"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B00EBEC1-D693-4B4D-93BD-610EDBA9B0DF}" = G21942EN
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B269ACEF-0B98-8CAE-AAED-ED93DE2042D2}" = interweave_qa_20090405
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B43B2355-E258-4C28-8A36-48E521862673}" = New York Times - Times Reader
"{B58561BB-0425-458C-B9C4-44618814BA70}" = The Italian Job
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1121C1F-1962-4A23-B2C2-B9515C837179}" = OverDrive Media Console
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC96F070-E8C1-493F-86FC-D8E0FAB7F77F}" = 3D Embroidery System 7.25 Upgrade
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{CF0F19FE-46B3-E8DC-C0A3-65112B9E3E46}" = interweave_cps_20090506
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DCD60A9E-A310-4130-BA15-D233485322FB}" = 3D Embroidery System 7.0.5
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{DFB1C950-44B8-11DE-6784-004D1F4418BE}" = Intellect
"{E0672DC8-8E79-46EB-81D9-5B558CF0A98A}_is1" = AAC MP3 Converter v3.6 build 889
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (NeatReceipts Professional)
"{E1062BEC-4340-4504-88C2-60C33A485635}" = Documents To Go
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7562EF2-0CD1-E1DD-31F1-AD5B805A22FC}" = Times Reader
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{ED93995E-8BF2-480F-8EA4-7D29E29A7052}" = HP Photo and Imaging 1.0 - PSC 2000 Series Drivers
"{F12EDF53-A253-4F06-BEE8-21827571243D}" = Trackstick Manager
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F6BA8EF2-A9F8-45B7-BD59-0A15DA9F7D68}" = Omron Health Management Software
"{F7F0DECF-E464-43BF-8DA5-3028564A4588}" = Nuance PDF Professional 6
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAEA0E7-A977-419E-B23C-359DBFF41528}" = eBook Studio
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"55mm for Adobe Photoshop & Compatible Applications" = 55mm for Adobe Photoshop & Compatible Applications
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ashtonsfamilyresort" = Ashtons - Family Resort
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"AVG9Uninstall" = AVG 9.0
"BackupBuddy for Windows" = BackupBuddy for Windows
"Billeo" = Billeo
"Block Factory, Kansas City Star Blocks Vol 1" = Block Factory, Kansas City Star Blocks Vol 1
"Bytescout Movies Extractor Scout (full)_is1" = Bytescout Movies Extractor Scout
"Bytescout SWF To Video Scout (demo)_is1" = Bytescout SWF To Video Scout
"CA6E760567B714806C375877AA53AD58E358AE57" = Windows Driver Package - Serialio.com (Ser2pl) Ports (09/24/2008 3.3.2.102)
"CANONBJ_Deinstall_CNMCP4O.DLL" = Canon i70
"ChaosSync for Google" = ChaosSync for Google
"ChaosSync for Palm (!ntellect Edition)" = ChaosSync for Palm (!ntellect Edition)
"ChaosSync v6" = ChaosSync v6
"CK Becky Higgins' Creative Clips" = CK Becky Higgins' Creative Clips
"CLO Guide to Birds of N.A. v3" = CLO Guide to Birds of N.A. v3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"conduitEngine" = Conduit Engine
"Courier Email" = Courier Email
"Data Import Wizard" = Data Import Wizard
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DigiDayClock" = DigiDay Clock
"DockWare" = Ilium Software DockWare Picture Installer
"EasyDeskTicker" = EasyDeskTicker
"Fairy Godmother Tycoon" = Fairy Godmother Tycoon
"fitnessdashtm" = Fitness Dash™
"FTDICOMM" = Trackstick Drivers
"Google Updater" = Google Updater
"HandBrake" = HandBrake 0.9.5
"HASP4 Device Drivers" = HASP4 Device Drivers
"HP OrderReminder" = HP OrderReminder
"HP PhotoSmart Scanning Software" = HP PhotoSmart Scanning Software
"hp psc 2200 series_Driver" = hp psc 2200 series
"HP-LaserJet 1018" = LaserJet 1018
"htmltads.exe" = the HTML TADS Game Player Kit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Imagelys Picture Styles 5" = Imagelys Picture Styles 5
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{4CA6A2DF-A805-4E40-95A9-CC8FE86DC742}" = EQ5
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"Jasc Paint Shop Pro 9 GDI+ Patch" = Jasc Paint Shop Pro 9 GDI+ Patch
"Jasc Paint Shop Pro 9.01 - (9.0.1.1)" = Jasc Paint Shop Pro 9.01 - (9.0.1.1)
"Jasc Paint Shop Pro 9.01 Patch" = Jasc Paint Shop Pro 9.01 Patch
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.6.5
"KPT Collection" = KPT® Collection
"Laridian MyBible 4 with NIV Bundle for PalmOS" = Laridian MyBible 4 with NIV Bundle for PalmOS
"Linksys BEFCMV3 Uninstall" = Linksys BEFCMU10 EtherFast Cable Modem
"ListPro" = ListPro
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"MyPublisher" = MyPublisher
"MyWaySearchAssistantDE" = My Way Search Assistant
"NeatReceipts Professional" = NeatReceipts Professional v2.7.5
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ODEUNST #1" = QuiltingProPlus
"OpenAL" = OpenAL
"Opera 11.50.1074" = Opera 11.50
"Outlook Extract" = Outlook Extract
"Package Tracker_is1" = Package Tracker
"PageRage Toolbar" = PageRage Toolbar
"Panda ActiveScan" = Panda ActiveScan
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Picasa 3" = Picasa 3
"Pocket Tunes" = Pocket Tunes 3.1.8
"PocketDVDStudio" = Pocket-DVD Studio(remove only)
"PocketDVDStudio_Palm" = Pocket-DVD Studio for Palm (remove only)
"PQ_DVD_to_iPod_Video_Converter" = PQ DVD to iPod Video Converter (remove only)
"PQ_DVD_to_iPod_Video_Suite" = PQ DVD to iPod Video Suite (remove only)
"PremElem20" = Adobe Premiere Elements 2.0
"Print Server Driver" = Print Server Driver
"PrinterProDesktop" = Printer Pro Desktop
"Pro-File" = Pro-File
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"PSC 2000 Series" = HP Photo and Imaging 1.0 - PSC 2000 Series
"PUBLISHERR" = Microsoft Office Publisher 2007
"Rapid Resizer_is1" = Rapid Resizer
"Readerware" = Readerware
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"RecordPad" = RecordPad Sound Recorder Uninstall
"Replay Media Catcher2.10" = Replay Media Catcher
"Replay_AV_800" = Replay AV 8
"Replay_AV_807" = Replay AV 8
"Replay_Converter_1" = Replay Converter 2.75C
"ScreenThemes" = ScreenThemes
"ScreenThemes_is1" = ScreenThemes 3.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Word 2000-2007" = Stamps.com support for Microsoft Word 2000-2007
"Sunrise XP" = Sunrise XP 2.02
"Super TextTwist" = Super TextTwist
"Supercow" = Supercow
"Swag_Bucks Toolbar" = Swag_Bucks Toolbar
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"TurboTax Premier 2007" = TurboTax Premier 2007
"TurboTax Premier Investments 2006" = TurboTax Premier Investments 2006
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Tweak UI 2.10" = Tweak UI
"UHS Reader (Version 6.01)" = UHS Reader (Version 6.01)
"Uninstaller_B1FA2000_ArcSoft DVD SlideShow" = ArcSoft DVD SlideShow (Shared Components)
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"VertusFluidMask" = Vertus Fluid Mask 2.0.3
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.10
"ViewpointMediaPlayer" = Viewpoint Media Player
"VistaWrite" = VistaWrite
"WavePad" = WavePad Uninstall
"Web Games Player Plugin" = Web Games Player Plugin
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WindowsFrotz" = Windows Frotz (remove only)
"WinPcapInst" = WinPcap 3.1
"WM Recorder 11.1" = WM Recorder 11.1
"WM_Recorder_102" = WM Recorder + RM Recorder 10.21
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Yahoo! Widget Engine" = Yahoo! Widgets
"youdamarina" = Youda Marina

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2444962988-477438111-2672112748-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/1970 9:12:20 AM | Computer Name = DELLA | Source = Application Error | ID = 1000
Description = Faulting application imapp.exe, version 6.2.7.4922, faulting module
msvcr80.dll, version 8.0.50727.4053, fault address 0x00051f1c.

Error - 4/9/1970 10:01:24 AM | Computer Name = DELLA | Source = Application Error | ID = 1000
Description = Faulting application courier.exe, version 3.50.0.13, faulting module
courier.exe, version 3.50.0.13, fault address 0x000c0a42.

Error - 4/3/1970 8:23:16 AM | Computer Name = DELLA | Source = Application Error | ID = 1000
Description = Faulting application courier.exe, version 3.50.0.13, faulting module
courier.exe, version 3.50.0.13, fault address 0x000c0a42.

Error - 4/9/1970 10:01:24 AM | Computer Name = DELLA | Source = Application Error | ID = 1000
Description = Faulting application courier.exe, version 3.50.0.13, faulting module
courier.exe, version 3.50.0.13, fault address 0x000c0a42.

Error - 1/6/1970 9:04:52 PM | Computer Name = DELLA | Source = Application Error | ID = 1000
Description = Faulting application incmail.exe, version 6.2.7.4922, faulting module
msvcr80.dll, version 8.0.50727.4053, fault address 0x00051f1c.

Error - 4/9/1970 10:01:24 AM | Computer Name = DELLA | Source = Application Error | ID = 1000
Description = Faulting application easydeskticker.exe, version 0.0.0.0, faulting
module easydeskticker.exe, version 0.0.0.0, fault address 0x0001dd0c.

Error - 8/24/2033 6:10:08 AM | Computer Name = DELLA | Source = Application Error | ID = 1000
Description = Faulting application nmsrvc.exe, version 11.2.9170.0, faulting module
nmagnt.dll, version 11.2.9195.1, fault address 0x0004f101.

Error - 4/30/1970 3:44:52 PM | Computer Name = DELLA | Source = Application Error | ID = 1000
Description = Faulting application imapp.exe, version 6.2.9.4978, faulting module
msvcr80.dll, version 8.0.50727.4053, fault address 0x00051f1c.

Error - 4/9/1970 10:01:24 AM | Computer Name = DELLA | Source = Application Error | ID = 1000
Description = Faulting application logitechdesktopmessenger.exe, version 2.52.21.16,
faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x00032a16.

Error - 6/11/2011 8:20:19 AM | Computer Name = DELLA | Source = Application Error | ID = 1000
Description = Faulting application easydeskticker.exe, version 0.0.0.0, faulting
module easydeskticker.exe, version 0.0.0.0, fault address 0x0001dd0c.

[ System Events ]
Error - 10/30/2009 7:27:47 AM | Computer Name = DELLA | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/24/2033 6:10:08 AM | Computer Name = DELLA | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/13/2010 10:14:38 PM | Computer Name = DELLA | Source = Service Control Manager | ID = 7022
Description = The AVG9IDSAgent service hung on starting.

Error - 8/24/2033 6:10:08 AM | Computer Name = DELLA | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/13/2010 3:10:39 PM | Computer Name = DELLA | Source = DCOM | ID = 10010
Description = The server {F2F6A7B0-0E74-49BF-ABDF-8A0778554472} did not register
with DCOM within the required timeout.

Error - 8/24/2033 6:10:08 AM | Computer Name = DELLA | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/24/2033 6:10:08 AM | Computer Name = DELLA | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 8/24/2033 6:10:08 AM | Computer Name = DELLA | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 8/24/2033 6:10:08 AM | Computer Name = DELLA | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .

Error - 8/24/2033 6:10:08 AM | Computer Name = DELLA | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
  • 0

#12
Essexboy
Posted 06 September 2011 - 01:04 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK killing time :) Once OTL has run then go back to normal mode to run Malwarebytes

A question do you know about these Chinese/Japanese folders ?

[2010/01/31 11:52:08 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?È) -- C:\WINDOWS\System32\縀È
[2010/01/31 11:52:08 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?È) -- C:\WINDOWS\System32\縀È
[2010/01/30 13:15:38 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ
[2010/01/30 13:15:38 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
    O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    O35 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006..exefile [open] -- "C:\Documents and Settings\Betsy True\Local Settings\Application Data\tru.exe" -a "%1" %*
    O37 - HKU\S-1-5-21-2444962988-477438111-2672112748-1006\...exe [@ = exefile] -- "C:\Documents and Settings\Betsy True\Local Settings\Application Data\tru.exe" -a "%1" %*
    [2011/07/25 20:01:09 | 000,008,834 | -HS- | C] () -- C:\Documents and Settings\Betsy True\Local Settings\Application Data\255fm0en288l
    [2011/07/25 20:01:09 | 000,008,834 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\255fm0en288l
    [2009/04/22 22:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\85d0f5e61a0389c28fdeaec7f07d80fa.8A83BD0BE459142F50C111755484E359D8DBFFF2.1
    [2009/04/22 21:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betsy True\Application Data\c8dbe8efd4647dc2bc71ac80461b8677.8A83BD0BE459142F50C111755484E359D8DBFFF2.1

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Betsy True\Local Settings\Application Data\tru.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#13
betctru
Posted 06 September 2011 - 01:18 PM

betctru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

OK killing time :unsure: Once OTL has run then go back to normal mode to run Malwarebytes

A question do you know about these Chinese/Japanese folders ?

[2010/01/31 11:52:08 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?È) -- C:\WINDOWS\System32\縀È
[2010/01/31 11:52:08 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?È) -- C:\WINDOWS\System32\縀È
[2010/01/30 13:15:38 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ
[2010/01/30 13:15:38 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\麠Ȇ


I don't know anything about them? :)

Run OTL
[*]Let the program run unhindered, reboot the PC when it is done
/edited/
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. [/list]


Question: Do I run OTL above in "Safe Mode with Networking" as I did originally? I believe so from what you wrote--it's only when I get to the run MalwareBytes that I go back to normal mode.

Thanks.

Betsy

Edited by betctru, 06 September 2011 - 01:19 PM.

  • 0

#14
Essexboy
Posted 06 September 2011 - 01:24 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is correct, run OTL in safe mode and allow it to reboot to normal mode for the Malwarebytes run

I wiill check the others out now, we may need to remove them next :)
  • 0

#15
betctru
Posted 06 September 2011 - 01:36 PM

betctru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
The system has rebooted; OTL tried to run automatically (I had to click "Run"), and then produced a log file 09063022_152333.log after a few seconds without me taking any further action. I'm running a quick scan now. Is the 0906etc. log the one you want or the results of the scan I'm running now, or both?

Thanks...
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP