[godawgs]

Hi pa.pete,

Let's try this.


Step-1

Check Event Service / Clear Event Logs

• Click the Start Orb
• Right click on Computer and click on Manage
• Click (Continue) on the UAC screen. The Computer Management window will come up.
• On the left side of the window click the arrow beside Services and Applications and click Services
• Scroll down the list that pops up and find Windows Event Log
  • Right click on Windows Event Log and click Properties. The Windows Event Log window will come up.
  • On the General tab, about half way down the page look for Starup type:. Click the down arrow in the box and select Automatic
  • Below that underneath Service status: click Start then click Apply, OK. You should be back on the Computer Management window.
• On the left side of the window click the arrow beside Event Viewer
• Click the arrow beside Windows Logs
• Right click on Application and click Clear Log
• Right click on System and click Clear Log
• Close the Computer Management window and Reboot.

Step-2

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.

:FILES
ipconfig /flushdns /c

:Reg
[-HKEY_LOCAL_MACHINE\Software\MozillaPlugins]
[-HKEY_CURRENT_USER\Software\MozillaPlugins]
[-HKEY_LOCAL_MACHINE\software\mozilla]
[-HKEY_CURRENT_USER\software\mozilla]

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open on your desktop.
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the box in OTL. To do that:

• Highlight everything inside the code box, right click the mouse and click Copy.

HKEYLM\System\CurrentControlSet\Services\Eventlog

2. Re-open OTL on the desktop. To do that:

• Double click on the OTL icon to run it. Make sure all other windows are closed.
• You will see a console like the one below:
  
  
  
• Make sure the Output box at the top is set to Standard Output.
• In the Extra Registry section click the button beside Use Safelist<---Important
• Check the boxes beside LOP Check and Purity Check.
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open OTL.Txt and Extras.txt on the desktop. These files are also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of these files and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.
• Repeat for the Extras.txt file.

Step-4.

Things for your next reply:
1. The OTL fixes log
2. The OTL.txt log
3. The Extras.txt log
4. Tell me how the computer is running now.

[Advertisements]

godawgs,
I hate to be a pia,I followed your instructions, but whenever I click on the event viewer I get a message "Event log service is unavailable Please make sure the service is running" I don't know if I am doing somthing wrong or what?
Sorry for the troubles,
Pete

[pa.pete]

godawgs,
I hate to be a pia,I followed your instructions, but whenever I click on the event viewer I get a message "Event log service is unavailable Please make sure the service is running" I don't know if I am doing somthing wrong or what?
Sorry for the troubles,
Pete

[godawgs]

You aren't doing anything wrong. The service just wants to be a pain to start. OK, see if this will work.

Step-1

Start Event Service

• Click the Start Orb. Type the following and press the ENTER key.
  

  services.msc

• Click Continue on the UAC. The Services window will come up.
• Scroll down the list that pops up and find Windows Event Log
  • Right click on Windows Event Log and click Properties. The Windows Event Log window will come up.
  • On the General tab, about half way down the page look for Starup type:. Click the down arrow in the box and select Automatic
  • Below that underneath Service status: click Start then click Apply, OK.
• Close the Services window and Reboot.

Clear the Event Logs

• Click the Start Orb
• Right click on Computer and click on Manage
• Click (Continue) on the UAC screen. The Computer Management window will come up.
• On the left side of the window click the arrow beside Event Viewer
• Click the arrow beside Windows Logs
• Right click on Application and click Clear Log
• Right click on System and click Clear Log
• Close the Computer Management window and Reboot.

If this doesn't start the Event Service, please do Step 2 in post 31and just post the OTL Fixes log.

[pa.pete]

godawgs,
The event log service still would not run so I did step 2 on post #31 here is the log.
Pete

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Radwick\Desktop\cmd.bat deleted successfully.
C:\Users\Radwick\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\mozilla\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\mozilla\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Radwick
->Temp folder emptied: 669451 bytes
->Temporary Internet Files folder emptied: 51179283 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4606 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 590098 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 236798 bytes

Total Files Cleaned = 50.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02212012_180508

Files\Folders moved on Reboot...
C:\Users\Radwick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

[godawgs]

Hi pa.pete,

Let me back up a minute. In post #30 when you said:

On the computer management screen when I click on the arrow next to Event Viewer, a window pops up that says "Event log service is unavailable, Verify that the service is running" I didn't go any farther as I didn't know what to do with that.

Did you get a window that looked like this


If you did, You should still be able to click the down arrow beside Windows Logs and right-click on the Application and System logs and choose “Clear Log” from the menu.


If you can do that, reboot the computer and then try to turn the EventLog service on (directions are in Step 1, post #33.

After that, whether it worked or not:

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the box in OTL. To do that:

• Highlight everything inside the code box, right click the mouse and click Copy.

HKEYLM\System\CurrentControlSet\Services\Eventlog

2. Re-open OTL on the desktop. To do that:

• Double click on the OTL icon to run it. Make sure all other windows are closed.
• You will see a console like the one below:
  
  
  
• Make sure the Output box at the top is set to Standard Output.
• In the Extra Registry section click the button beside Use Safelist<---Important
• Check the boxes beside LOP Check and Purity Check.
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open OTL.Txt and Extras.txt on the desktop. These files are also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of these files and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.
• Repeat for the Extras.txt file.

Things For Your Next Post:
1. Let me know if you got the event logs cleared and the EventLog service started.
2. The OTL.txt log
3. The Extras.txt log
4. How is the computer running now?

[pa.pete]

godawgs,
When I follow step one on post #29 I get this-




When I follow step one on post #31 I get this-

[godawgs]

Hi pa.pete,

I see what you're saying. Looks like the log folders under Event Viewer are gone. Let's look at the registry key for the Evenltog service and see if that information is correct.


Step-1.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the box in OTL. To do that:

• Highlight everything inside the code box, right click the mouse and click Copy.

HKEYLM\System\CurrentControlSet\Services\Eventlog

2. Re-open OTL on the desktop. To do that:

• Double click on the OTL icon to run it. Make sure all other windows are closed.
• You will see a console like the one below:
  
  
  
• Make sure the Output box at the top is set to Standard Output.
• In the Extra Registry section click the button beside Use Safelist<---Important
• Check the boxes beside LOP Check and Purity Check.
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open OTL.Txt and Extras.txt on the desktop. These files are also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of these files and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.
• Repeat for the Extras.txt file.

Step-2.

Things For Your Next Post:
1. The OTL.txt log
2. The Extras.txt log

[pa.pete]

OTL logfile created on: 2/22/2012 5:53:41 PM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Radwick\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 60.15% Memory free
7.49 Gb Paging File | 5.60 Gb Available in Paging File | 74.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 282.91 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

Computer Name: RADWICK-PC | User Name: Radwick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 18:26:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/11/26 06:05:46 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2010/11/26 06:05:46 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2009/11/20 18:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/09 19:20:08 | 001,519,743 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/11/01 18:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/24 18:42:34 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/09/03 14:04:22 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/26 06:05:46 | 000,251,336 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
MOD - [2010/11/26 06:05:46 | 000,132,552 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
MOD - [2010/11/26 06:05:46 | 000,079,304 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
MOD - [2010/11/26 06:05:46 | 000,071,112 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
MOD - [2010/11/18 15:55:44 | 000,079,224 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll
MOD - [2009/11/20 18:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/10/08 21:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2009/10/07 15:13:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2009/09/23 21:27:04 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2008/07/03 13:18:48 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\pxl_m17n_tool.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/13 10:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/30 02:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/17 09:09:58 | 000,334,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/12/31 09:36:44 | 000,074,824 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2010/12/31 09:36:42 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/12/31 09:36:40 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/12/16 08:46:10 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2010/12/10 13:24:50 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/09/21 14:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/11 15:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/30 12:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 05:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 22:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 03:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/28 12:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/04/28 12:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/13 10:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...e0z1k5a4411x562
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...e0z1k5a4411x562

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://meadvilletribune.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...5/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5A01CAC-5E03-44E0-B1BA-14357562B6C3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE998D23-1334-4C02-91A6-1C73DC39E8DF}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/21 18:08:36 | 000,000,000 | R--D | C] -- C:\Users\Radwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/02/20 12:17:15 | 000,000,000 | ---D | C] -- C:\Users\Radwick\AppData\Local\{DAF16E15-E5FF-428E-ADEA-E6165112D85E}
[2012/02/20 12:17:04 | 000,000,000 | ---D | C] -- C:\Users\Radwick\AppData\Local\{721EEA6B-4F63-4666-92E4-9BBA6E7F72F5}
[2012/02/15 15:15:37 | 000,000,000 | ---D | C] -- C:\d37e51664a70a5aa217a0fe5
[2012/02/15 13:28:43 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 13:28:42 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 13:28:42 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 13:28:26 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 13:28:07 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 13:28:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 13:28:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 13:28:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/15 13:28:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/15 13:28:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 13:28:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 13:28:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/15 13:28:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/15 13:28:03 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/15 13:28:03 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/15 13:28:03 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 13:28:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 13:28:03 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/15 13:28:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/15 13:15:22 | 000,000,000 | ---D | C] -- C:\5e446f905e7c4252a90e8751bf1cb7
[2012/02/13 19:35:57 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Users\Radwick\AppData\Local\dplayx.dll
[2012/02/11 21:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/02/11 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2012/02/11 21:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2012/02/11 18:54:02 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290
[2012/02/11 18:21:20 | 029,379,896 | ---- | C] (Igor Pavlov) -- C:\Users\Radwick\Desktop\VoiceStudio_230.exe
[2012/02/11 18:11:43 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/02/11 10:42:57 | 000,000,000 | ---D | C] -- C:\Users\Radwick\AppData\Roaming\Malwarebytes
[2012/02/11 10:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/11 10:42:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/11 10:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/11 10:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/11 10:39:24 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Radwick\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/07 20:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/06 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\GooredFix Backups
[2012/02/06 18:25:11 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Radwick\Desktop\GooredFix.exe
[2012/02/04 18:26:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
[2012/02/04 12:10:01 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Radwick\Desktop\aswMBR.exe
[2012/02/04 11:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/02/04 11:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/02/04 11:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2XL Games
[2012/02/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\RK_Quarantine
[2012/02/04 10:49:08 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\log
[2012/02/04 10:44:42 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\64bit

========== Files - Modified Within 30 Days ==========

[2012/02/22 17:29:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4103317124-915067586-60201695-1001UA1cc6e22fe11df1c.job
[2012/02/22 17:29:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/22 16:57:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/22 16:57:02 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4103317124-915067586-60201695-1001Core1cc6e22fcbb18f4.job
[2012/02/22 16:56:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/22 15:34:09 | 000,000,156 | ---- | M] () -- C:\Users\Radwick\Documents\std.out
[2012/02/22 15:16:48 | 000,045,433 | ---- | M] () -- C:\Users\Radwick\Documents\bottle_011.prt
[2012/02/22 14:46:28 | 000,090,895 | ---- | M] () -- C:\Users\Radwick\Desktop\screenshot.jpg
[2012/02/21 18:15:11 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 18:15:11 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 18:06:45 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/21 13:04:45 | 000,016,896 | ---- | M] () -- C:\Users\Radwick\Documents\jimbaby.wps
[2012/02/21 13:04:45 | 000,005,756 | ---- | M] () -- C:\Users\Radwick\AppData\Roaming\wklnhst.dat
[2012/02/21 07:55:56 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/21 07:55:55 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/21 07:55:53 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/21 07:55:08 | 000,004,971 | ---- | M] () -- C:\Users\Radwick\Documents\prop_iges_log.xml
[2012/02/20 12:19:26 | 000,141,849 | ---- | M] () -- C:\Users\Radwick\Desktop\Event viewer.jpg
[2012/02/20 10:28:18 | 000,056,320 | -H-- | M] () -- C:\Users\Radwick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/17 12:29:29 | 000,002,343 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/16 08:04:35 | 000,423,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 13:27:53 | 001,883,828 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/13 20:40:51 | 000,041,770 | ---- | M] () -- C:\Users\Radwick\Desktop\RogueKiller.htm
[2012/02/12 12:39:27 | 000,000,117 | ---- | M] () -- C:\Users\Radwick\Desktop\Homepage » Meadville Tribune.url
[2012/02/11 20:45:45 | 002,634,584 | ---- | M] () -- C:\Users\Radwick\Desktop\Elfred.zip
[2012/02/11 20:08:52 | 000,000,523 | ---- | M] () -- C:\Users\Radwick\Desktop\English_American_.vpm - original.lnk
[2012/02/11 19:46:07 | 003,586,568 | ---- | M] () -- C:\Users\Radwick\Desktop\TeamGarmin-DaveZabriskie.zip
[2012/02/11 18:52:10 | 000,051,897 | ---- | M] () -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290.zip
[2012/02/11 18:21:20 | 029,379,896 | ---- | M] (Igor Pavlov) -- C:\Users\Radwick\Desktop\VoiceStudio_230.exe
[2012/02/11 10:42:12 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 10:39:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Radwick\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/06 18:25:12 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Radwick\Desktop\GooredFix.exe
[2012/02/04 18:26:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
[2012/02/04 12:23:05 | 000,000,512 | ---- | M] () -- C:\Users\Radwick\Desktop\MBR.dat
[2012/02/04 12:10:01 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Radwick\Desktop\aswMBR.exe
[2012/02/04 11:46:15 | 001,201,664 | ---- | M] () -- C:\Users\Radwick\Desktop\RogueKiller.exe

========== Files Created - No Company Name ==========

[2012/02/22 15:17:52 | 000,045,433 | ---- | C] () -- C:\Users\Radwick\Documents\bottle_011.prt
[2012/02/21 12:32:15 | 000,016,896 | ---- | C] () -- C:\Users\Radwick\Documents\jimbaby.wps
[2012/02/21 07:55:08 | 000,004,971 | ---- | C] () -- C:\Users\Radwick\Documents\prop_iges_log.xml
[2012/02/20 12:01:42 | 000,141,849 | ---- | C] () -- C:\Users\Radwick\Desktop\Event viewer.jpg
[2012/02/19 18:08:16 | 000,090,895 | ---- | C] () -- C:\Users\Radwick\Desktop\screenshot.jpg
[2012/02/13 20:40:51 | 000,041,770 | ---- | C] () -- C:\Users\Radwick\Desktop\RogueKiller.htm
[2012/02/12 12:39:27 | 000,000,117 | ---- | C] () -- C:\Users\Radwick\Desktop\Homepage » Meadville Tribune.url
[2012/02/11 20:45:36 | 002,634,584 | ---- | C] () -- C:\Users\Radwick\Desktop\Elfred.zip
[2012/02/11 20:08:52 | 000,000,523 | ---- | C] () -- C:\Users\Radwick\Desktop\English_American_.vpm - original.lnk
[2012/02/11 19:45:57 | 003,586,568 | ---- | C] () -- C:\Users\Radwick\Desktop\TeamGarmin-DaveZabriskie.zip
[2012/02/11 18:52:09 | 000,051,897 | ---- | C] () -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290.zip
[2012/02/11 10:42:12 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 12:23:05 | 000,000,512 | ---- | C] () -- C:\Users\Radwick\Desktop\MBR.dat
[2012/02/04 11:46:08 | 001,201,664 | ---- | C] () -- C:\Users\Radwick\Desktop\RogueKiller.exe
[2012/01/22 18:36:11 | 000,002,034 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0153.old
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0108.old
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/03/23 20:41:17 | 000,192,208 | ---- | C] () -- C:\Users\Radwick\AppData\Local\census.cache
[2011/03/23 20:41:09 | 000,093,307 | ---- | C] () -- C:\Users\Radwick\AppData\Local\ars.cache
[2011/01/31 22:06:13 | 000,000,036 | ---- | C] () -- C:\Users\Radwick\AppData\Local\housecall.guid.cache
[2010/12/27 11:10:57 | 000,000,040 | ---- | C] () -- C:\Windows\RSoftInfo.dat
[2010/08/03 16:30:25 | 000,002,415 | ---- | C] () -- C:\Windows\disney.ini
[2010/04/14 19:52:35 | 000,056,320 | -H-- | C] () -- C:\Users\Radwick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 15:46:45 | 000,005,756 | ---- | C] () -- C:\Users\Radwick\AppData\Roaming\wklnhst.dat
[2010/01/26 18:43:45 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/01/26 18:26:40 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/01/26 18:26:40 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010/01/26 18:03:22 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/01/26 18:02:45 | 000,001,642 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/29 15:56:57 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/10/29 15:56:57 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/10/29 15:56:57 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/10/29 15:06:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll

========== LOP Check ==========

[2010/12/15 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Elluminate
[2010/07/05 07:15:58 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Packard Bell
[2011/09/08 18:36:10 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\ptc
[2010/04/26 15:05:31 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Template
[2011/09/05 15:04:43 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\TP
[2010/04/14 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Western Digital
[2011/04/03 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Windows Live Writer
[2012/02/10 19:53:34 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEYLM\System\CurrentControlSet\Services\Eventlog >
"ServiceDll" = %SystemRoot%\System32\wevtsvc.dll
"ServiceMain" = ServiceMain
"PlugPlayServiceType" = 3
"ServiceDllUnloadOnStop" = 1
"DisplayName" = Windows Event Log
"Group" = Event Log
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\wevtsvc.dll,-201
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data]
"FailureActionsOnNonCrashFailures" = 1
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]

[HKEYLM\System\CurrentControlSet\Services\Eventlog\Application]

[HKEYLM\System\CurrentControlSet\Services\Eventlog\HardwareEvents]

[HKEYLM\System\CurrentControlSet\Services\Eventlog\Internet Explorer]

[HKEYLM\System\CurrentControlSet\Services\Eventlog\Key Management Service]

[HKEYLM\System\CurrentControlSet\Services\Eventlog\Media Center]

[HKEYLM\System\CurrentControlSet\Services\Eventlog\ODiag]

[HKEYLM\System\CurrentControlSet\Services\Eventlog\OSession]

[HKEYLM\System\CurrentControlSet\Services\Eventlog\Security]

[HKEYLM\System\CurrentControlSet\Services\Eventlog\System]

[HKEYLM\System\CurrentControlSet\Services\Eventlog\Windows PowerShell]

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

OTL Extras logfile created on: 2/22/2012 5:53:41 PM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Radwick\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 60.15% Memory free
7.49 Gb Paging File | 5.60 Gb Available in Paging File | 74.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 282.91 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

Computer Name: RADWICK-PC | User Name: Radwick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A8DDE3ED-9B6A-F806-32AF-EC53A836A04F}" = ATI Catalyst Install Manager
"{A8F30C52-D992-4077-8A77-30ED12B6244C}" = Creo Thumbnail Viewer 1.0
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7CF178A-2F3D-0125-0D78-98EB53D92A52}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9232528-EA5C-4DA0-B8BE-637A70E9E673}" = ProductView Express 9.1
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Creo Elements/Pro Schools Edition Release 5.0 Datecode M080" = Creo Elements/Pro Schools Edition Release 5.0 Datecode M080
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0695DD0E-0E07-061B-5317-1FCCEA3CA51F}" = CCC Help Czech
"{06A02948-CE93-82A0-7BD4-5FB9562136F7}" = CCC Help Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7169C2-4FC9-0454-6E6F-CDBA27D9C3CF}" = CCC Help Spanish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FFA2D28-F77A-E27C-0659-F497926805AA}" = CCC Help Polish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37DA7059-EC42-8F87-2593-AB273A13CDE4}" = CCC Help Hungarian
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4CCFFF96-7841-44D4-91F2-4027E5C537F4}" = Zoo Tycoon 2 - Extinct Animals Demo
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{554B7217-1988-2E1E-8CAC-30CB8498DA8E}" = CCC Help Portuguese
"{55DD0FA2-22F0-4071-AC9B-32FE70BBE37D}" = PhotoMail Maker
"{5920C2D5-2969-9BAE-E5A7-947721CFF1F1}" = CCC Help English
"{5C8C6C22-5B84-E88C-C38C-9E66DB569600}" = CCC Help Thai
"{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}" = Everio MediaBrowser
"{6122170D-F78E-182F-1D70-9187108F0AB7}" = Catalyst Control Center Graphics Light
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79BF8F0E-A3A6-D677-F4AE-157BE4AB9E46}" = CCC Help Danish
"{7E9E6DC1-BE81-F3C8-2D61-F9AFADC7B2F8}" = CCC Help Chinese Standard
"{7EFE7605-8879-F08C-9EBD-F0B0EBEDE2AA}" = CCC Help French
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81CA0ED5-7522-01D4-2E20-018033B50087}" = CCC Help Korean
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7D2915-7EAB-43B0-9243-B3711462BF6E}" = Garmin VoiceStudio v2.30
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = Media Player Utilities 4.36
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91903291-1546-5B74-AC17-FDBBFD57D3F9}" = CCC Help Russian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974A6749-A030-9EC2-D200-7BD29CA886AC}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D77E042-7D73-0DDA-DAEF-95AD3247C63F}" = Catalyst Control Center Localization All
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA404934-A326-AC94-154A-73F65B2DBEFE}" = CCC Help Finnish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B04FC2D5-AE5C-1526-69B8-7121BD8CE3B1}" = CCC Help Swedish
"{B1C45394-E332-23F3-35EE-4086C5167C29}" = Catalyst Control Center Core Implementation
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6C21804-0E6C-D4E6-0CF1-4E7F96AAE930}" = CCC Help Turkish
"{BF59CB97-0475-8CDC-1DEB-F6565D3868FA}" = CCC Help Greek
"{C3A68A9A-2541-6171-3092-09C8AFAC4924}" = CCC Help Italian
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C3DAFC-2F7A-E7A9-89D1-70E53F44D231}" = Catalyst Control Center InstallProxy
"{DCF9791F-07F7-3FE8-E639-22EAE582C244}" = CCC Help Norwegian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB7879B9-891A-2502-1CAC-4D328A7DA434}" = Catalyst Control Center Graphics Full Existing
"{EC3102A1-F7D5-F4D7-0BBE-E9A336852DD5}" = CCC Help Dutch
"{ECDFF117-272C-499E-BE97-AC1C6FE190CD}" = Brother Bear
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FA03EF4C-DE79-C463-6B50-AAC28A9A64FD}" = Catalyst Control Center Graphics Full New
"{FAAAA82D-E8FE-04C8-72D5-619A2632E1DF}" = CCC Help Chinese Traditional
"{FCB13E0B-09AD-7133-0B7E-52A157C6582E}" = CCC Help German
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Best Buy Software Installer" = Best Buy Software Installer
"BFG-Zhu Zhu Pets" = Zhu Zhu Pets
"Browser Defender_is1" = Browser Defender 3.0
"Catz" = Catz (remove only)
"DailyBibleGuidebar Uninstall" = DailyBibleGuide
"Disneys Digital Coloring Book Featuring Pooh" = Disneys Digital Coloring Book Featuring Pooh
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"IncrediMail" = IncrediMail 2.0
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{4CCFFF96-7841-44D4-91F2-4027E5C537F4}" = Zoo Tycoon 2 - Extinct Animals Demo
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"PhotoMail" = PhotoMail Maker
"Scholastic's Little Bill Thinks BIG" = Scholastic's Little Bill Thinks BIG
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"WinLiveSuite" = Windows Live Essentials
"Zoo Tycoon 2 ES Trial Version" = Zoo Tycoon 2 Endangered Species Trial
"Zoo Tycoon 2 Trial Version" = Zoo Tycoon 2 Trial Version

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

[godawgs]

Hello again,

The contents of the registry key looks fine. In post #34 you said that the eventlog service still wouldn't run. Do you remember if it gave any error codes or error messages? If you don't remember exactly what they were, please try to start the service again and record any error codes or error messages it gives if it won't start.


Step-1.

Start Event Service

• Click the Start Orb. Type the following and press the ENTER key.
  

  services.msc

• Click Continue on the UAC. The Services window will come up.
• Scroll down the list that pops up and find Windows Event Log
  • Right click on Windows Event Log and click Properties. The Windows Event Log window will come up.
  • On the General tab, about half way down the page look for Starup type:. Click the down arrow in the box and select Automatic
  • Below that underneath Service status: click Start then click Apply, OK.
• Close the Services window and Reboot.

Step-2.

Things For Your Next Post:
1. Let me know if the eventlog started
2. List any error codes or error messages it gave if it didn't start.

[pa.pete]

godawgs,
This is what I get a few seconds after I click the start.
Pete

[godawgs]

Hi pa.pete,

Thanks for the information. I think we're closing in on it. One of the most common reasons for the 4201 error code is due to a permission being reset. Let's try this first.


Step-1.

Fix EventLog Permissions

• Restart Windows in Safe Mode
  To do that....
  
  • Restart your computer and as soon as it starts booting up again continuously tap the F8 key. An Advanced Boot Options screen will come up where you will be given the option to enter Safe Mode.
    
  • Use the down arrow key to highlight Safe Mode and push the ENTER key.
  
  NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
  Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
  
• Open the C:\Windows\System32\LogFiles\WMI folder
• Right-click on the RtBackup folder and click Properties
  
  
• Click the Security tab, and click the Edit button.
  
  
• Click Add
  
  
• Type SYSTEM and press the ENTER key
  
  
• In the Permissions for System section, click the box beside Full Control under the Allow column
  
  
• Click OK, and then click Yes when asked for confirmation.
  

Restart Windows (in Normal mode), and check the EventLog service again. If resetting the permission didn't restart it automatically, start the service according to the directions in post #39.


Step-2.

Things For Your Next Post:
1. Let me know if you were able to get the EventLog service started.

[pa.pete]

godawgs,
I followed your steps in safe mode, when I added system in for permission on the RT backup it would not allow it permission, however there was an option in there for Administraitor radwick\pc so I clicked on that and restarted in normal mode. I believe I can clear the logs now, before when I clicked on the arrow next to Event viewer I would always get the error, now you can see in the screen shot I am able to open the event viewer and the windows logs.
Should I clear the logs like you stated in a previous post?
Pete

[godawgs]

Hi,

Trying the admin. account next was a good catch. You may not have to clear the logs. First we need to see if the EventLog service has started. Then we can check to see if the service is reading the logs.


Step-1.

Check EventLog Service

• Click the Start Orb. Type the following and press the ENTER key.
  

  services.msc

• Click Continue on the UAC. The Services window will come up.
• Scroll down the list that pops up and find Windows Event Log
• Right click on Windows Event Log and click Properties. The Windows Event Log window will come up.
  IF: The Startup type box shows Automatic and the Service status line says Started, click the Cancel button and close the Services window. If they don't show that continue with the next steps.
  • On the General tab, about half way down the page look for Starup type:. Click the down arrow in the box and select Automatic
  • Below that underneath Service status: click Start then click Apply, OK.
• Close the Services window and Reboot.

Next you want to get new OTL logs to see if the EventLog service is working properly without having to clear the logs.


Step-2.

OTL Scan

Please re-open OTL

• Double click the on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
• You will see a console like the one below:
  
  
  
• At the top of the console click the greyed out None button.<---Very Important
• Make sure the Output box at the top is set to Standard Output.
• In the Extra Registry section, click the Use Safelist button.<---Very Important
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

I Do Not want you to post these files.

Instead, open the Extras.txt file. Look at the end of the file for the ========== Last 10 Event Log Errors ========== section and see if the error message Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! is still there or if there is a list of Event Log Errors. If the error message is gone, let me know. If it isn't , go on with the directions below.

If the Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! message is still there, Go back to post #33 and follow the steps under Clear the Event Logs.

Then follow the directions under Step 2. in this post a second time and let me know if the event logs are back.


Step-3.

Things For Your Next Post:
1. Let me know what happened with the Event Logs
2. Tell me if any other problems or issues exist.

[pa.pete]

godawgs,
The first time I ran the OTL. in the extras txt. Last 10 event log errors, it listed an error I can't remember what it was and I forgot to save it. I followed post #33 and cleared the logs, then ran the OTL again, in the last 10 event log errors it lists 2 errors now "invalid parameter" and "display is not active". Everything else seems to be working fine.
Pete

[godawgs]

Please post the last Extras.txt log. It should be on the desktop. If you can't find it, follow Step 2 in post 43 but this time post the Extras.txt log