Explorer Pages Repeating! [Solved]


  • This topic is locked

#1
paukid

  • Member
  • 63 posts
Okay, so I am totally not a computer pro but not totally lost either :)

Over the past several months, when I would go to certain websites and then close out of them, my computer would open the webpage I just clicked out of and not only open it once, but over and over and over again. As quickly as I try to close, more would open. I eventually have to use the Windows Task Manager to shut down everything. At first this didn't happen too frequently but it's progressively gotten worse as the weeks have gone by. Now, since yesterday, when I am in my MSN messenger account, it would allow me to check my mail and I keep getting a "blank" page with "error" on the bottom and can't see my mail.

I have Avast Anti-Virus and have run Malwarebytes Anti Malware but nothing comes up. But I am pretty sure I have something going on. My computer no longer works as well as it used to and I am sure there is a virus or malware causing my issues.

Can someone please help me find out what this is and help me remove it? Please!

Thank you so much
Paul

Edited by paukid, 03 August 2012 - 05:58 PM.

  • 0


#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
paukid

  • Topic Starter
  • Member
  • 63 posts
Hello,
First let me say THANK YOU soooo much!! I am totally lost here! I did what you said and I will email them both to you one at a time. Right now I can't open much. It seems all my Microsoft programs won't open. No Word documents, Excel etc. Internet Explorer also won't open, nor will any videos in Media Player or any games I have. I can get AOL to open but not by a left click, only by a right click and OPEN. Same with Google Chrome, which is what I am using as Explorer is not working now.

Okay, here is OTL.txt below. Extras to follow.

OTL logfile created on: 8/9/2012 6:16:44 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\ME\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 75.35% Memory free
6.79 Gb Paging File | 6.22 Gb Available in Paging File | 91.58% Paging File free
Paging file location(s): C:\pagefile.sys 4300 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 461.06 Gb Total Space | 231.56 Gb Free Space | 50.22% Space Free | Partition Type: NTFS
Drive E: | 3.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PAUKID | User Name: ME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 18:13:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\My Documents\Downloads\OTL.exe
PRC - [2012/08/06 05:57:44 | 000,031,808 | ---- | M] (Just Develop It) -- C:\Program Files\JustCloud\BackupStack.exe
PRC - [2012/07/12 16:52:04 | 001,289,732 | ---- | M] (NCH Software) -- C:\Program Files\NCH Software\Eyeline\eyeline.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 12:21:27 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1171741720\ee\aolupdates.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1171741720\ee\aolsoftware.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010/01/12 02:01:00 | 000,201,216 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGAA.EXE
PRC - [2009/08/20 10:24:08 | 016,883,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\IE8-WindowsXP-x86-ENU.exe
PRC - [2009/07/10 15:03:24 | 001,113,696 | ---- | M] (Microsoft Corporation) -- c:\747afd3070833fb001ebf5d04f\update\iesetup.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/26 17:33:00 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/07/27 08:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/09 04:10:14 | 001,793,024 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12080900\algo.dll
MOD - [2012/08/08 15:06:56 | 001,793,024 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12080801\algo.dll
MOD - [2012/06/13 21:20:43 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 21:20:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 21:17:31 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 21:17:20 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 21:15:38 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 21:15:35 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/13 21:15:34 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/05/22 21:49:28 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/22 21:47:13 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
MOD - [2012/05/22 21:47:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/22 21:25:28 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/22 21:24:09 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/22 21:24:02 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/15 06:18:00 | 001,570,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2012/05/15 06:18:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/04/18 09:58:58 | 000,904,704 | ---- | M] () -- C:\Program Files\JustCloud\x86\System.Data.SQLite.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2006/10/20 01:34:18 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcqdrpp.dll
MOD - [2006/06/15 06:28:24 | 000,012,288 | ---- | M] () -- C:\Program Files\Dell PC Fax\dlctrstr.dll
MOD - [2006/06/15 06:04:32 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\DLPRMON.DLL
MOD - [2006/06/15 06:01:58 | 000,032,768 | ---- | M] () -- C:\Program Files\Dell PC Fax\ipcmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/06 05:57:44 | 000,031,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files\JustCloud\BackupStack.exe -- (BackupStack)
SRV - [2012/08/03 08:51:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 16:52:04 | 001,289,732 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 12:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/05/15 06:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/12/12 13:17:04 | 001,030,112 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService)
SRV - [2011/12/12 13:16:54 | 001,038,304 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService)
SRV - [2011/12/12 13:16:40 | 000,793,056 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/11/03 15:44:28 | 000,537,480 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\system32\dlcqcoms.exe -- (dlcq_device)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM106.sys -- (USBMULCD)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/12 16:53:37 | 000,037,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriverx86.sys -- (stdriver)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/07/03 12:21:52 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/12/12 13:17:34 | 000,128,120 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTDSMon.sys -- (PCTDSMon)
DRV - [2011/12/12 13:17:28 | 000,108,864 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)
DRV - [2011/05/27 11:12:33 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/05/10 07:40:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/03/11 14:13:10 | 000,252,032 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/11/12 16:59:08 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/11/12 16:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/07/15 18:12:38 | 001,173,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2008/07/15 18:11:14 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2008/07/15 18:10:28 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008/07/15 18:09:44 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008/07/15 18:08:36 | 000,127,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008/07/15 18:08:08 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2008/07/15 18:07:18 | 000,527,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2008/07/15 18:06:46 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008/07/15 17:23:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2008/07/15 17:23:22 | 000,170,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2008/07/15 17:22:46 | 001,323,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/10/19 11:20:06 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2006/08/03 06:40:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/07/27 08:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/09 08:25:00 | 000,143,872 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/02/04 23:09:06 | 000,380,800 | ---- | M] (Lumanate, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Angel2.sys -- (Angel2)
DRV - [2005/09/29 08:34:58 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2005/09/29 08:34:50 | 000,045,824 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [1999/09/10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...831,19249,0,8,0
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 7A DE 67 BB 6E CD 01 [binary data]
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000019b91b4c90
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\SearchScopes\{52B7FCF5-B7BE-4ADC-938D-30E29AA867E6}: "URL" = http://search.yahoo....0831,6901,0,8,0
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..keyword.URL: "http://slirsredirect...ir=2706&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/06/01 10:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 08:09:33 | 000,000,000 | ---D | M]

[2012/08/04 20:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions
[2012/08/04 20:53:16 | 000,000,000 | ---D | M] (ShopToWin17) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}
[2008/04/22 20:17:49 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/10/02 20:49:01 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\ChoiceGuard@Microsoft
[2012/05/23 20:52:23 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\[email protected]
[2010/02/04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\searchplugins\askcom.xml
[2007/06/01 10:11:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylo...0000019b91b4c90
CHR - Extension: Entanglement = C:\Documents and Settings\ME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\ME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Poppit = C:\Documents and Settings\ME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\ME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011/05/27 09:11:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\Toolbar\ShellBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171741720\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006..\Run: [EPSON NX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGAA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.m...ash/swflash.cab (MetaStreamCtl Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1203786165421 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/...rp.cab56961.cab (ChessControl Class)
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} http://zone.msn.com/...PA.cab55579.cab (CheckersZPA Object)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games – Backgammon)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89AF5929-1A46-4276-B83E-F8527C5CA95C}: DhcpNameServer = 167.206.254.2 167.206.254.1
O18 - Protocol\Handler\mhtml - No CLSID value found
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk /k:\??\C: *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 03:00:13 | 000,000,000 | ---D | C] -- C:\747afd3070833fb001ebf5d04f
[2012/08/08 18:19:46 | 000,000,000 | ---D | C] -- C:\7d3cb50f9af876c8e9d870d39ca2
[2012/08/07 22:01:30 | 000,000,000 | ---D | C] -- C:\1c34bbd4805baba3a112f91957
[2012/08/07 03:00:14 | 000,000,000 | ---D | C] -- C:\ae947c7caf017d408e28d726c47234
[2012/08/06 18:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\SyncFolder
[2012/08/06 18:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Start Menu\Programs\JustCloud
[2012/08/06 18:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\JustCloud
[2012/08/06 07:33:22 | 000,000,000 | ---D | C] -- C:\7acdaa2495b90f76693344
[2012/08/05 12:31:19 | 000,000,000 | ---D | C] -- C:\2b259c5d11c8500b0318563e
[2012/08/05 11:48:01 | 000,000,000 | ---D | C] -- C:\e481a584ec95bb35b9a599c13a
[2012/08/05 08:25:06 | 000,000,000 | ---D | C] -- C:\06a69f3f19f7f9150bfd3f3648be5e
[2012/08/05 08:07:38 | 000,000,000 | ---D | C] -- C:\e561c0d8b11805ce14d6153eccd2
[2012/08/05 06:00:15 | 000,000,000 | ---D | C] -- C:\62395aec449060b9e2086d
[2012/08/04 22:40:00 | 000,000,000 | ---D | C] -- C:\14fe568a6b3dcf1d5816c7d4ee
[2012/08/04 21:56:37 | 000,000,000 | ---D | C] -- C:\a80f5c3737434fc907
[2012/08/04 21:41:07 | 000,000,000 | ---D | C] -- C:\8e7e3f5f9291050dd87355c042aacb
[2012/08/04 20:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\ShopToWin
[2012/08/04 20:51:07 | 001,561,792 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\ME\Desktop\7zip_installer_1650.exe
[2012/08/04 18:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\MSNInstaller
[2012/07/14 18:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\PCGS
[2012/07/12 16:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2007/01/14 18:43:50 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ME\MSSSerif120.fon
[96 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[92 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 17:54:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 17:51:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/09 07:48:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/09 01:54:00 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 22:43:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/08 20:13:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/08 20:13:09 | 2950,008,832 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 20:21:56 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/08/07 20:21:56 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/08/07 20:21:56 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/08/05 06:17:41 | 000,008,354 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/08/05 06:00:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/04 20:51:08 | 001,561,792 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\ME\Desktop\7zip_installer_1650.exe
[2012/08/04 19:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/03 20:52:59 | 000,248,832 | ---- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/01 22:34:29 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2012/07/31 12:33:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2012/07/25 17:21:52 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Microsoft Word 2010.lnk
[2012/07/20 19:43:09 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\RAGE.url
[2012/07/19 16:52:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\eyelineSevenDays.job
[2012/07/15 19:52:02 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SoundTapReminder.job
[2012/07/12 16:53:38 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SoundTap Streaming Audio Recorder.lnk
[2012/07/12 16:53:37 | 000,037,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\stdriverx86.sys
[2012/07/12 16:52:05 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Eyeline Video System.lnk
[2012/07/12 08:11:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 08:59:15 | 000,298,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[96 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[92 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/04 22:38:18 | 2950,008,832 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/01 22:34:28 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2012/07/28 12:33:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2012/07/20 19:43:09 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\RAGE.url
[2012/07/12 19:52:37 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\SoundTapReminder.job
[2012/07/12 16:53:38 | 000,001,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
[2012/07/12 16:53:38 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SoundTap Streaming Audio Recorder.lnk
[2012/07/12 16:53:37 | 000,037,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\stdriverx86.sys
[2012/07/12 16:52:08 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\eyelineSevenDays.job
[2012/07/12 16:52:05 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Eyeline Video System.lnk
[2012/07/12 16:52:05 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Eyeline Video System.lnk
[2012/07/07 19:37:55 | 000,140,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/07/07 19:37:54 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\PnkBstrK.sys
[2012/07/07 19:37:23 | 000,298,016 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/07/07 19:37:16 | 003,130,440 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_blr.exe
[2012/07/07 19:37:16 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/05/03 19:49:04 | 000,082,227 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\mv.db
[2012/05/03 19:49:04 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\settings.ini
[2012/03/02 21:24:33 | 009,342,976 | ---- | C] () -- C:\Documents and Settings\ME\s-1-5-21-1359408678-2099340390-3988896321-1006.rrr
[2012/03/02 19:27:22 | 000,037,344 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/02/15 03:30:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 09:00:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/26 20:27:27 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/26 20:27:27 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/26 20:27:27 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/26 20:27:27 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/26 20:27:27 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/26 20:27:27 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/26 20:27:27 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/26 20:27:27 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/26 20:27:27 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/26 20:27:27 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/26 20:27:27 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/26 20:27:27 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/26 20:27:27 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/26 20:27:27 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/26 20:27:27 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/26 20:27:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/26 20:26:00 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ENX625.ini
[2011/09/12 19:28:34 | 000,000,173 | ---- | C] () -- C:\WINDOWS\CmdFile.INI
[2011/05/27 09:59:45 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/21 06:01:00 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2010/10/18 20:56:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/09/26 11:45:01 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\setup_ldm.iss
[2007/11/23 17:24:53 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/13 02:18:17 | 000,248,832 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/13 01:30:57 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2008/04/14 21:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2008/12/01 06:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/30 11:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/27 12:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/05/23 20:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2007/01/14 17:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/08/20 09:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2011/07/02 13:29:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2007/05/07 00:45:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2007/05/07 00:05:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2010/11/28 13:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2012/03/11 20:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/03/18 11:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2012/03/11 20:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/01/26 20:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/27 11:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/11 19:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2008/10/25 14:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/01/09 20:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/05/03 18:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2012/06/06 12:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/27 23:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/07 20:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/03/04 00:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Epson
[2008/09/12 23:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\acccore
[2008/04/26 09:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Aim
[2010/10/24 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Auslogics
[2012/05/23 20:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Babylon
[2012/02/03 21:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Canon
[2010/04/17 12:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\CNC_Generals_World
[2010/04/18 19:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Command & Conquer 3 Kane's Wrath
[2010/04/16 16:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Command & Conquer 3 Tiberium Wars
[2010/09/04 16:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Command and Conquer 4
[2012/03/24 08:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\DDMSettings
[2012/01/27 05:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Epson
[2009/03/28 16:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\gnupg
[2007/01/14 18:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Leadertech
[2012/05/23 20:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Media Player Lite
[2012/08/04 18:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\MSNInstaller
[2012/03/11 19:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Origin
[2011/01/01 16:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\PriceGong
[2012/03/02 19:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Product_PT
[2011/11/12 12:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Product_RM
[2011/11/12 22:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Registry Mechanic
[2008/05/24 11:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\SmartDraw
[2010/10/30 20:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Uniblue
[2008/08/09 06:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Windows Search
[2012/08/09 07:48:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/08/01 22:34:29 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2012/07/19 16:52:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\eyelineSevenDays.job
[2012/07/31 12:33:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2012/07/15 19:52:02 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SoundTapReminder.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D786AE3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73933431
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

#4
paukid

Here is the Extras

OTL Extras logfile created on: 8/9/2012 6:16:44 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\ME\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 75.35% Memory free
6.79 Gb Paging File | 6.22 Gb Available in Paging File | 91.58% Paging File free
Paging file location(s): C:\pagefile.sys 4300 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 461.06 Gb Total Space | 231.56 Gb Free Space | 50.22% Space Free | Partition Type: NTFS
Drive E: | 3.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PAUKID | User Name: ME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1359408678-2099340390-3988896321-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\WINDOWS\system32\dlcqcoms.exe" = C:\WINDOWS\system32\dlcqcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Common Files\AOL\1171741720\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1171741720\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Steam\SteamApps\paukid\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\paukid\team fortress 2\hl2.exe:*:Disabled:hl2 -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\AOL Desktop 9.6\waol.exe" = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL Desktop 9.6 -- (AOL Inc.)
"C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\CNC3.exe" = C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\CNC3.exe:*:Enabled:Command and Conquer 3: Tiberium Wars -- (Electronic Arts Inc.)
"C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Command and Conquer 3: Tiberium Wars -- ()
"C:\Program Files\Steam\steamapps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2
"C:\Program Files\Steam\steamapps\common\fallout 3 goty\FalloutLauncher.exe" = C:\Program Files\Steam\steamapps\common\fallout 3 goty\FalloutLauncher.exe:*:Enabled:Fallout 3 - Game of the Year Edition -- (Bethesda Softworks)
"C:\Program Files\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe" = C:\Program Files\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe:*:Enabled:Mass Effect™ 3 -- (BioWare)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe" = C:\Program Files\Steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe:*:Enabled:Blacklight: Retribution -- ()
"C:\Program Files\Steam\steamapps\common\RAGE\Rage.exe" = C:\Program Files\Steam\steamapps\common\RAGE\Rage.exe:*:Enabled:RAGE -- (id Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Advanced Decoder Patch
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E27575D-3EC5-49E9-AADD-BC2520609642}" = CNC 3 Map Manager
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A8892A3-36BB-411E-85AA-6AEA544D028B}" = Far Cry (Patch 1.4)
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Digital microscope
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8C3C4EBD-EB8F-44A2-A571-241CDECBB266}" = VideoMate for You/Stereo Driver
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D88A98-506E-4CFC-B294-E256C679B0EE}" = Microsoft Store Download Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_6" = AIM 6
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"avast" = avast! Internet Security
"Canon CanoScan 9000F User Registration" = Canon CanoScan 9000F User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Debut" = Debut Video Capture Software
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 966" = Dell Photo AIO Printer 966
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EPSON NX620 Series" = EPSON NX620 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Eyeline" = Eyeline Video System
"FLV Player" = FLV Player 2.0 (build 25)
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein™ 1.1 Patch
"JustCloud" = JustCloud
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MediaPlayerLite" = MediaPlayerLite 0.3
"MicroCapture" = MicroCapture 2.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"PC Tools Utilities_is1" = PC Tools Performance Toolkit 2.0
"Prism" = Prism Video File Converter
"PunkBusterSvc" = PunkBuster Services
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1
"RealAlt_is1" = Real Alternative 1.60
"Revo Uninstaller" = Revo Uninstaller 1.90
"SoundTap" = SoundTap Streaming Audio Recorder
"Steam App 209870" = Blacklight: Retribution
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 24790" = Command and Conquer 3: Tiberium Wars
"Steam App 440" = Team Fortress 2
"Steam App 9200" = RAGE
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCam Monitor_is1" = WebCam Monitor 3.66
"WhoCrashed_is1" = WhoCrashed 3.03
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2012 2:27:06 PM | Computer Name = PAUKID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2012 2:27:06 PM | Computer Name = PAUKID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2012 3:03:27 PM | Computer Name = PAUKID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2012 3:03:27 PM | Computer Name = PAUKID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2012 4:25:06 PM | Computer Name = PAUKID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2012 4:25:06 PM | Computer Name = PAUKID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2012 4:39:27 PM | Computer Name = PAUKID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2012 4:39:27 PM | Computer Name = PAUKID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2012 6:23:06 PM | Computer Name = PAUKID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2012 6:23:06 PM | Computer Name = PAUKID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 8/8/2012 6:18:08 PM | Computer Name = PAUKID | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 8/8/2012 6:18:08 PM | Computer Name = PAUKID | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 8/8/2012 6:18:10 PM | Computer Name = PAUKID | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvraid

Error - 8/8/2012 6:18:44 PM | Computer Name = PAUKID | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 8/8/2012 8:03:45 PM | Computer Name = PAUKID | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 8/8/2012 8:03:45 PM | Computer Name = PAUKID | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 8/8/2012 8:03:52 PM | Computer Name = PAUKID | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvraid

Error - 8/8/2012 8:15:17 PM | Computer Name = PAUKID | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 8/8/2012 8:15:17 PM | Computer Name = PAUKID | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 8/8/2012 8:15:48 PM | Computer Name = PAUKID | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvraid


< End of report >

#5
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000019b91b4c90
    IE - HKU\S-1-5-21-1359408678-2099340390-3988896321-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    [2012/08/04 20:53:16 | 000,000,000 | ---D | M] (ShopToWin17) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}
    [2012/05/23 20:52:23 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\[email protected]
    [2010/02/04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\searchplugins\askcom.xml
    [2012/08/04 20:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\ShopToWin
    [96 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [92 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2008/04/14 21:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
    [2012/05/23 20:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2011/03/27 23:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2012/05/23 20:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Babylon
    [2011/01/01 16:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\PriceGong
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\Viewpoint
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

#6
paukid

    Member

  • Topic Starter
  • Member
  • 63 posts
Hello
I pasted your work into OTL and it's been running for several hours now. I have a feeling the machine froze up. It says "kILLING PROCESSES. DO NOT INTERRUPT" on the bottom of the OTL screen but it doesn't look like it's actually working.

Does it normally take this long? Should I manually shut down and try again?

thanks so much for helping

Paul

#7
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts

Should I manually shut down and try again?

Yes, please do. If it takes more than 15 minutes, manually shut it down again and continue with ComboFix (the second part of the instructions from my previous post). :thumbsup:

#8
paukid

    Member

  • Topic Starter
  • Member
  • 63 posts
okay great!
I will do that right now :)

#9
paukid

    Member

  • Topic Starter
  • Member
  • 63 posts
Hello
here is the combo fix log
Paul :)

H=ComboFix 12-08-09.01 - ME 08/10/2012 18:10:05.8.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2813.1932 [GMT -4:00]
Running from: c:\documents and settings\ME\My Documents\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\ME\Application Data\PriceGong
c:\documents and settings\ME\Application Data\PriceGong\Data\1.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\a.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\b.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\c.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\d.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\e.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\f.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\g.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\h.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\i.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\J.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\k.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\l.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\m.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\n.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\o.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\p.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\q.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\r.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\s.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\t.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\u.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\v.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\w.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\x.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\y.xml
c:\documents and settings\ME\Application Data\PriceGong\Data\z.xml
c:\documents and settings\ME\Local Settings\Application Data\Windows Server
c:\documents and settings\ME\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\ME\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\ME\My Documents\ShopToWin
c:\documents and settings\ME\System
c:\documents and settings\ME\System\win_qs8.jqx
C:\Install.exe
c:\program files\Internet Explorer\SET372.tmp
c:\program files\Internet Explorer\SET373.tmp
c:\program files\Internet Explorer\SET374.tmp
c:\program files\Internet Explorer\SET386.tmp
c:\program files\Internet Explorer\SET387.tmp
c:\program files\Internet Explorer\SET388.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET383.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET388.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38A.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET38E.tmp
c:\windows\system32\SET38F.tmp
c:\windows\system32\SET390.tmp
c:\windows\system32\SET391.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET399.tmp
c:\windows\system32\SET39A.tmp
c:\windows\system32\SET39B.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET39E.tmp
c:\windows\system32\SET39F.tmp
c:\windows\system32\SET3A0.tmp
c:\windows\system32\SET3A1.tmp
c:\windows\system32\SET3A2.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3A4.tmp
c:\windows\system32\SET3A5.tmp
c:\windows\system32\SET3A6.tmp
c:\windows\system32\SET3A7.tmp
c:\windows\system32\SET3A8.tmp
c:\windows\system32\SET3A9.tmp
c:\windows\system32\SET3AA.tmp
c:\windows\system32\SET3AB.tmp
c:\windows\system32\SET3AD.tmp
c:\windows\system32\SET3AE.tmp
c:\windows\system32\SET3AF.tmp
c:\windows\system32\SET3B0.tmp
c:\windows\system32\SET3B1.tmp
c:\windows\system32\SET3B2.tmp
c:\windows\system32\SET3B3.tmp
c:\windows\system32\SET3B4.tmp
c:\windows\system32\SET3B5.tmp
c:\windows\system32\SET3B6.tmp
c:\windows\system32\SET3B7.tmp
c:\windows\system32\SET3C7.tmp
c:\windows\system32\SET3C9.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3CB.tmp
c:\windows\system32\SET3CC.tmp
c:\windows\system32\SET3CD.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3CF.tmp
c:\windows\system32\SET3D0.tmp
c:\windows\system32\SET3D1.tmp
c:\windows\system32\SET3D2.tmp
c:\windows\system32\SET3D3.tmp
c:\windows\system32\SET3D4.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 16:30 . 2012-08-10 16:30 -------- d-----w- C:\_OTL
2012-08-10 07:00 . 2012-08-10 07:00 -------- d-----w- C:\f8569b408a79588482
2012-08-09 07:00 . 2012-08-09 23:00 -------- d-----w- C:\747afd3070833fb001ebf5d04f
2012-08-08 22:19 . 2012-08-08 22:19 -------- d-----w- C:\7d3cb50f9af876c8e9d870d39ca2
2012-08-08 02:01 . 2012-08-08 02:01 -------- d-----w- C:\1c34bbd4805baba3a112f91957
2012-08-07 07:00 . 2012-08-07 07:00 -------- d-----w- C:\ae947c7caf017d408e28d726c47234
2012-08-06 22:18 . 2012-08-06 22:18 -------- d-----w- c:\documents and settings\ME\SyncFolder
2012-08-06 22:15 . 2012-08-06 22:27 -------- d-----w- c:\program files\JustCloud
2012-08-06 11:33 . 2012-08-06 11:33 -------- d-----w- C:\7acdaa2495b90f76693344
2012-08-05 16:31 . 2012-08-05 16:31 -------- d-----w- C:\2b259c5d11c8500b0318563e
2012-08-05 15:48 . 2012-08-05 15:48 -------- d-----w- C:\e481a584ec95bb35b9a599c13a
2012-08-05 12:25 . 2012-08-05 12:25 -------- d-----w- C:\06a69f3f19f7f9150bfd3f3648be5e
2012-08-05 12:07 . 2012-08-05 12:07 -------- d-----w- C:\e561c0d8b11805ce14d6153eccd2
2012-08-05 10:00 . 2012-08-05 10:00 -------- d-----w- C:\62395aec449060b9e2086d
2012-08-05 02:40 . 2012-08-05 02:40 -------- d-----w- C:\14fe568a6b3dcf1d5816c7d4ee
2012-08-05 01:56 . 2012-08-05 01:56 -------- d-----w- C:\a80f5c3737434fc907
2012-08-05 01:41 . 2012-08-05 01:41 -------- d-----w- C:\8e7e3f5f9291050dd87355c042aacb
2012-08-04 22:07 . 2012-08-04 22:07 -------- d-----w- c:\documents and settings\ME\Application Data\MSNInstaller
2012-07-12 20:53 . 2012-07-12 20:53 37656 ----a-w- c:\windows\system32\drivers\stdriverx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 12:51 . 2012-03-31 12:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 12:51 . 2011-05-15 13:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-07 23:48 . 2012-07-07 23:37 140480 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-07 23:48 . 2012-07-07 23:37 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-07 23:47 . 2012-07-07 23:47 298016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-07-07 23:47 . 2012-07-07 23:37 298016 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-07 23:37 . 2012-07-07 23:37 138056 ----a-w- c:\documents and settings\ME\Application Data\PnkBstrK.sys
2012-07-07 23:37 . 2012-07-07 23:37 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-07 23:36 . 2012-07-07 23:37 3130440 ----a-w- c:\windows\system32\pbsvc_blr.exe
2012-07-03 17:46 . 2011-09-13 02:21 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2011-05-27 16:28 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-02-25 20:26 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-07-03 16:21 . 2011-05-27 16:28 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-05-27 16:28 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-05-27 16:28 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2011-05-27 16:28 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-07-03 16:21 . 2011-05-27 16:28 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2011-05-27 16:28 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2011-05-27 16:28 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-05-27 16:28 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-07-03 16:21 . 2011-05-27 16:28 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2010-07-02 21:25 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-05-27 16:28 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-13 13:19 . 2005-08-16 10:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 14:38 . 2012-06-06 14:38 52312 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2012-06-05 15:50 . 2008-07-27 13:34 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 10:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2005-08-16 10:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-06-20 00:37 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-06-20 00:37 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 10:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 10:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 10:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-06-20 00:37 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 10:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 10:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 10:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2005-05-26 10:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-06-20 00:37 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 10:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 10:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-02-24 12:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-02-24 12:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-07-31 00:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2005-08-16 10:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18 . 2010-11-13 17:26 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2010-11-13 17:26 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2010-02-08 03:53 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2010-02-08 03:52 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2009-07-20 15:58 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2009-07-20 15:58 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2009-07-20 15:58 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-07-20 15:58 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2009-07-20 15:58 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2005-08-16 10:35 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18 . 2005-08-16 10:35 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 09:40 . 2010-09-11 04:23 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2010-09-11 04:23 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2010-09-11 04:23 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2010-09-11 04:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2010-09-11 04:23 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"HostManager"="c:\program files\Common Files\AOL\1171741720\ee\AOLSoftware.exe" [2010-03-08 41800]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:\??\C: *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ME^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
backup=c:\windows\pss\Epson all-in-one Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iYogi Support Dock
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2010-07-13 20:40 70720 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 23:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER]
2006-12-12 15:46 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2008-07-11 19:50 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCQCATS]
2006-10-16 05:31 106496 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcqtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcqmon.exe]
2006-06-20 17:37 286720 ----a-w- c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 15:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-06-15 10:03 307200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1171741720\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 08:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2009-08-13 22:59 3161608 ----a-w- c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDeviceAgent]
2009-08-13 23:02 357384 ----a-w- c:\program files\Logitech\GamePanel Software\LGDevAgt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-06-27 11:34 299008 ----a-w- c:\program files\Dell Photo AIO Printer 966\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-05 10:51 1353080 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBDetector]
2003-04-01 15:33 53248 ----a-w- c:\usbstorage\USBDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2005-10-14 17:01 122880 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wwEngineSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"PCToolsSSDMonitorSvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"dlcq_device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\dlcqcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1171741720\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Steam\\SteamApps\\paukid\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\command and conquer 3 tiberium wars\\CNC3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\command and conquer 3 tiberium wars\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout 3 goty\\FalloutLauncher.exe"=
"c:\\Program Files\\Origin Games\\Mass Effect 3\\Binaries\\Win32\\MassEffect3.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blacklightretribution\\Blacklight Retribution.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\RAGE\\Rage.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [5/27/2011 12:28 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [5/27/2011 12:28 PM 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [5/27/2011 12:28 PM 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/25/2012 4:26 PM 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/27/2011 12:28 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/27/2011 12:28 PM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/27/2011 12:28 PM 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [5/27/2011 12:28 PM 133912]
R2 BackupStack;Computer Backup (JustCloud);c:\program files\JustCloud\BackupStack.exe [8/6/2012 5:57 AM 31808]
R2 EyelineService;Eyeline Video System;c:\program files\NCH Software\Eyeline\eyeline.exe [7/12/2012 4:52 PM 1289732]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/6/2012 3:46 PM 655944]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [9/26/2009 11:43 AM 45824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/12/2011 10:21 PM 22344]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [9/26/2009 11:43 AM 56960]
R3 stdriver;SoundTap Upper Filter Driver v6.04.00;c:\windows\system32\drivers\stdriverx86.sys [7/12/2012 4:53 PM 37656]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [5/3/2012 7:18 PM 252032]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [5/3/2012 7:18 PM 398720]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2/21/2012 10:37 PM 1262400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 8:53 AM 250056]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [3/2/2012 7:27 PM 1038304]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [3/2/2012 7:27 PM 1030112]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:20 AM 10664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [5/27/2011 9:59 AM 17480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [3/2/2012 7:27 PM 108864]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [3/2/2012 7:27 PM 128120]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys --> c:\windows\system32\drivers\CM106.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2011 7:43 PM 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2011 7:43 PM 135664]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/2/2012 7:27 PM 793056]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [5/30/2010 9:43 AM 229376]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:51]
.
2012-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-08-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-03 16:21]
.
2012-08-02 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2012-06-06 14:38]
.
2012-07-19 c:\windows\Tasks\eyelineSevenDays.job
- c:\program files\NCH Software\Eyeline\eyeline.exe [2012-07-12 20:52]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 23:43]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 23:43]
.
2012-07-31 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2012-06-06 14:39]
.
2012-07-15 c:\windows\Tasks\SoundTapReminder.job
- c:\program files\NCH Software\SoundTap\soundtap.exe [2012-07-12 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20120831,19249,0,8,0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-10 18:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1359408678-2099340390-3988896321-1006\Software\SecuROM\License information*]
"datasecu"=hex:84,d1,5d,e5,09,68,36,33,f6,b0,d7,56,7d,ca,85,cb,e1,b7,21,28,e6,
cb,7d,ba,f8,c0,b5,de,f4,96,d8,e3,99,8a,27,f7,c9,2b,ef,b7,85,79,2d,f5,7f,0f,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1252)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-08-10 18:19:17
ComboFix-quarantined-files.txt 2012-08-10 22:19
.
Pre-Run: 248,982,536,192 bytes free
Post-Run: 251,277,946,880 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8DC16CFE0A6ACC8C057D8FAE6D9F8608
  • 0

#10
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
Please run a new Quick Scan with OTL and post the resulting log file in your next reply.


Also please do this:

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#11
paukid


    Member

  • Topic Starter
  • Member
  • 63 posts
Hi,

Here is the OTL report. I am running MBAM now and will post as soon as it is done.

Paul

OTL logfile created on: 8/11/2012 8:16:20 AM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\ME\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 74.46% Memory free
6.79 Gb Paging File | 6.20 Gb Available in Paging File | 91.27% Paging File free
Paging file location(s): C:\pagefile.sys 4300 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 461.06 Gb Total Space | 233.76 Gb Free Space | 50.70% Space Free | Partition Type: NTFS
Drive E: | 3.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PAUKID | User Name: ME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 18:13:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\My Documents\Downloads\OTL.exe
PRC - [2012/08/06 05:57:44 | 000,031,808 | ---- | M] (Just Develop It) -- C:\Program Files\JustCloud\BackupStack.exe
PRC - [2012/07/12 16:52:04 | 001,289,732 | ---- | M] (NCH Software) -- C:\Program Files\NCH Software\Eyeline\eyeline.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 12:21:27 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/01/13 07:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 07:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/26 17:33:00 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/07/27 08:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/11 02:09:13 | 001,792,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12081100\algo.dll
MOD - [2012/08/10 13:35:50 | 001,792,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12081001\algo.dll
MOD - [2012/06/13 21:20:43 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 21:20:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 21:17:31 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 21:17:20 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 21:15:38 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 21:15:35 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/13 21:15:34 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/05/22 21:49:28 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/22 21:47:13 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
MOD - [2012/05/22 21:47:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/22 21:25:28 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/22 21:24:09 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/22 21:24:02 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/15 06:18:00 | 001,570,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2012/05/15 06:18:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2011/01/13 07:20:01 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll
MOD - [2010/04/18 09:58:58 | 000,904,704 | ---- | M] () -- C:\Program Files\JustCloud\x86\System.Data.SQLite.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2006/10/20 01:34:18 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcqdrpp.dll
MOD - [2006/06/15 06:28:24 | 000,012,288 | ---- | M] () -- C:\Program Files\Dell PC Fax\dlctrstr.dll
MOD - [2006/06/15 06:04:32 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\DLPRMON.DLL
MOD - [2006/06/15 06:01:58 | 000,032,768 | ---- | M] () -- C:\Program Files\Dell PC Fax\ipcmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/06 05:57:44 | 000,031,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files\JustCloud\BackupStack.exe -- (BackupStack)
SRV - [2012/08/03 08:51:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 16:52:04 | 001,289,732 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 12:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/05/15 06:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/12/12 13:17:04 | 001,030,112 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService)
SRV - [2011/12/12 13:16:54 | 001,038,304 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService)
SRV - [2011/12/12 13:16:40 | 000,793,056 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/11/03 15:44:28 | 000,537,480 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\system32\dlcqcoms.exe -- (dlcq_device)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM106.sys -- (USBMULCD)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ME\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/12 16:53:37 | 000,037,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriverx86.sys -- (stdriver)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/07/03 12:21:52 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/12/12 13:17:34 | 000,128,120 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTDSMon.sys -- (PCTDSMon)
DRV - [2011/12/12 13:17:28 | 000,108,864 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)
DRV - [2011/05/27 11:12:33 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/05/10 07:40:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/03/11 14:13:10 | 000,252,032 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/11/12 16:59:08 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/11/12 16:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/07/15 18:12:38 | 001,173,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2008/07/15 18:11:14 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2008/07/15 18:10:28 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008/07/15 18:09:44 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008/07/15 18:08:36 | 000,127,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008/07/15 18:08:08 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2008/07/15 18:07:18 | 000,527,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2008/07/15 18:06:46 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008/07/15 17:23:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2008/07/15 17:23:22 | 000,170,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2008/07/15 17:22:46 | 001,323,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/10/19 11:20:06 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2006/08/03 06:40:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/07/27 08:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/09 08:25:00 | 000,143,872 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/02/04 23:09:06 | 000,380,800 | ---- | M] (Lumanate, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Angel2.sys -- (Angel2)
DRV - [2005/09/29 08:34:58 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2005/09/29 08:34:50 | 000,045,824 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [1999/09/10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...831,19249,0,8,0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 7A DE 67 BB 6E CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000019b91b4c90
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{52B7FCF5-B7BE-4ADC-938D-30E29AA867E6}: "URL" = http://search.yahoo....0831,6901,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..keyword.URL: "http://slirsredirect...ir=2706&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/06/01 10:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 08:09:33 | 000,000,000 | ---D | M]

[2012/08/04 20:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions
[2012/08/04 20:53:16 | 000,000,000 | ---D | M] (ShopToWin17) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}
[2008/04/22 20:17:49 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/10/02 20:49:01 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\ChoiceGuard@Microsoft
[2012/05/23 20:52:23 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\[email protected]
[2010/02/04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\searchplugins\askcom.xml
[2007/06/01 10:11:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylo...0000019b91b4c90
CHR - Extension: Entanglement = C:\Documents and Settings\ME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\ME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Poppit = C:\Documents and Settings\ME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\ME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/08/10 18:17:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171741720\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.m...ash/swflash.cab (MetaStreamCtl Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1203786165421 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/...rp.cab56961.cab (ChessControl Class)
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} http://zone.msn.com/...PA.cab55579.cab (CheckersZPA Object)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games – Backgammon)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89AF5929-1A46-4276-B83E-F8527C5CA95C}: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\mhtml - No CLSID value found
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:\??\C: *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 18:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\geeks
[2012/08/10 18:07:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/10 18:05:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/10 18:05:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/10 18:05:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/10 18:05:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/10 18:01:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/10 12:30:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/10 03:00:16 | 000,000,000 | ---D | C] -- C:\f8569b408a79588482
[2012/08/09 03:00:13 | 000,000,000 | ---D | C] -- C:\747afd3070833fb001ebf5d04f
[2012/08/08 18:19:46 | 000,000,000 | ---D | C] -- C:\7d3cb50f9af876c8e9d870d39ca2
[2012/08/07 22:01:30 | 000,000,000 | ---D | C] -- C:\1c34bbd4805baba3a112f91957
[2012/08/07 03:00:14 | 000,000,000 | ---D | C] -- C:\ae947c7caf017d408e28d726c47234
[2012/08/06 18:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\SyncFolder
[2012/08/06 18:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Start Menu\Programs\JustCloud
[2012/08/06 18:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\JustCloud
[2012/08/06 07:33:22 | 000,000,000 | ---D | C] -- C:\7acdaa2495b90f76693344
[2012/08/05 12:31:19 | 000,000,000 | ---D | C] -- C:\2b259c5d11c8500b0318563e
[2012/08/05 11:48:01 | 000,000,000 | ---D | C] -- C:\e481a584ec95bb35b9a599c13a
[2012/08/05 08:25:06 | 000,000,000 | ---D | C] -- C:\06a69f3f19f7f9150bfd3f3648be5e
[2012/08/05 08:07:38 | 000,000,000 | ---D | C] -- C:\e561c0d8b11805ce14d6153eccd2
[2012/08/05 06:00:15 | 000,000,000 | ---D | C] -- C:\62395aec449060b9e2086d
[2012/08/04 22:40:00 | 000,000,000 | ---D | C] -- C:\14fe568a6b3dcf1d5816c7d4ee
[2012/08/04 21:56:37 | 000,000,000 | ---D | C] -- C:\a80f5c3737434fc907
[2012/08/04 21:41:07 | 000,000,000 | ---D | C] -- C:\8e7e3f5f9291050dd87355c042aacb
[2012/08/04 20:51:07 | 001,561,792 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\ME\Desktop\7zip_installer_1650.exe
[2012/08/04 18:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\MSNInstaller
[2012/07/14 18:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\PCGS
[2012/07/12 16:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2007/01/14 18:43:50 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ME\MSSSerif120.fon
[92 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[31 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/11 07:54:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/11 07:51:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/11 07:48:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/11 04:25:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/11 04:25:19 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 18:17:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/10 18:07:41 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/08/10 18:04:01 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Shortcut to ComboFix.exe.lnk
[2012/08/10 17:54:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/10 17:53:59 | 2950,008,832 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 20:21:56 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/08/07 20:21:56 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/08/07 20:21:56 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/08/05 06:17:41 | 000,008,354 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/08/05 06:00:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/04 20:51:08 | 001,561,792 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\ME\Desktop\7zip_installer_1650.exe
[2012/08/04 19:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/03 20:52:59 | 000,248,832 | ---- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/01 22:34:29 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2012/07/31 12:33:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2012/07/25 17:21:52 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Microsoft Word 2010.lnk
[2012/07/20 19:43:09 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\RAGE.url
[2012/07/19 16:52:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\eyelineSevenDays.job
[2012/07/15 19:52:02 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SoundTapReminder.job
[2012/07/12 16:53:38 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SoundTap Streaming Audio Recorder.lnk
[2012/07/12 16:53:37 | 000,037,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\stdriverx86.sys
[2012/07/12 16:52:05 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Eyeline Video System.lnk
[92 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[31 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 18:05:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/10 18:05:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/10 18:05:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/10 18:05:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/10 18:05:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/10 18:04:01 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Shortcut to ComboFix.exe.lnk
[2012/08/04 22:38:18 | 2950,008,832 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/01 22:34:28 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2012/07/28 12:33:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2012/07/20 19:43:09 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\RAGE.url
[2012/07/12 19:52:37 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\SoundTapReminder.job
[2012/07/12 16:53:38 | 000,001,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
[2012/07/12 16:53:38 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SoundTap Streaming Audio Recorder.lnk
[2012/07/12 16:53:37 | 000,037,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\stdriverx86.sys
[2012/07/12 16:52:08 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\eyelineSevenDays.job
[2012/07/12 16:52:05 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Eyeline Video System.lnk
[2012/07/12 16:52:05 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Eyeline Video System.lnk
[2012/07/07 19:37:55 | 000,140,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/07/07 19:37:54 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\PnkBstrK.sys
[2012/07/07 19:37:23 | 000,298,016 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/07/07 19:37:16 | 003,130,440 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_blr.exe
[2012/07/07 19:37:16 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/05/03 19:49:04 | 000,082,227 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\mv.db
[2012/05/03 19:49:04 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\settings.ini
[2012/03/02 21:24:33 | 009,342,976 | ---- | C] () -- C:\Documents and Settings\ME\s-1-5-21-1359408678-2099340390-3988896321-1006.rrr
[2012/03/02 19:27:22 | 000,037,344 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/02/15 03:30:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 09:00:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/26 20:27:27 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/26 20:27:27 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/26 20:27:27 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/26 20:27:27 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/26 20:27:27 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/26 20:27:27 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/26 20:27:27 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/26 20:27:27 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/26 20:27:27 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/26 20:27:27 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/26 20:27:27 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/26 20:27:27 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/26 20:27:27 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/26 20:27:27 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/26 20:27:27 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/26 20:27:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/26 20:26:00 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ENX625.ini
[2011/09/12 19:28:34 | 000,000,173 | ---- | C] () -- C:\WINDOWS\CmdFile.INI
[2011/05/27 09:59:45 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/21 06:01:00 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2010/10/18 20:56:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/09/26 11:45:01 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\ME\Application Data\setup_ldm.iss
[2007/11/23 17:24:53 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/13 02:18:17 | 000,248,832 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/13 01:30:57 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2008/12/01 06:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/30 11:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/27 12:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/05/23 20:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2007/01/14 17:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/08/20 09:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2011/07/02 13:29:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2007/05/07 00:45:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2007/05/07 00:05:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2010/11/28 13:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2012/03/11 20:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/03/18 11:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2012/03/11 20:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/01/26 20:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/27 11:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/11 19:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2008/10/25 14:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/01/09 20:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/05/03 18:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/03/27 23:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/07 20:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/09/12 23:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\acccore
[2008/04/26 09:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Aim
[2010/10/24 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Auslogics
[2012/05/23 20:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Babylon
[2012/02/03 21:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Canon
[2010/04/17 12:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\CNC_Generals_World
[2010/04/18 19:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Command & Conquer 3 Kane's Wrath
[2010/04/16 16:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Command & Conquer 3 Tiberium Wars
[2010/09/04 16:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Command and Conquer 4
[2012/03/24 08:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\DDMSettings
[2012/01/27 05:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Epson
[2009/03/28 16:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\gnupg
[2007/01/14 18:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Leadertech
[2012/05/23 20:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Media Player Lite
[2012/08/04 18:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\MSNInstaller
[2012/03/11 19:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Origin
[2012/03/02 19:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Product_PT
[2011/11/12 12:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Product_RM
[2011/11/12 22:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Registry Mechanic
[2008/05/24 11:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\SmartDraw
[2010/10/30 20:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Uniblue
[2008/08/09 06:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ME\Application Data\Windows Search
[2012/08/11 07:48:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/08/01 22:34:29 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2012/07/19 16:52:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\eyelineSevenDays.job
[2012/07/31 12:33:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2012/07/15 19:52:02 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SoundTapReminder.job

========== Purity Check ==========



< End of report >
  • 0
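Added example, not part of the thread and not OTL's own code: a parser for the bracketed file-listing lines in a report like the one above, with a small triage pass over the result. The sample lines are constructed, the meaning of `C`/`M` is inferred from the section headings, the attribute letters are assumed to be the usual Windows R/H/S/D flags, and the review rules are illustrative assumptions, not OTL behaviour.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# One listing line: [timestamp | size | attrs | C or M] (company) -- path
# Directory lines carry no "(company)" field at all; files may carry "()".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]{4})"
    r" \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))?"
    r" -- (?P<path>.+)$"
)

BINARY_SUFFIXES = {".exe", ".dll", ".sys"}  # assumption: what counts as a binary


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str               # e.g. "-HS-" or "---D"
    kind: str                # "C" (created) or "M" (modified), per section headings
    company: Optional[str]   # None = field absent, "" = empty parentheses
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_log(text: str) -> List[Entry]:
    """Return every listing line in the report; headings and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section heading, blank line, or "[31 ...*.tmp files -> ]" summary
        entries.append(Entry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),  # first group may exceed 3 digits
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"],
            path=PureWindowsPath(m["path"]),
        ))
    return entries


def review(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Flag files for manual review. A flag is a prompt to look, not a verdict."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        reasons = []
        if e.company == "" and e.path.suffix.lower() in BINARY_SUFFIXES:
            reasons.append("binary with no company name")
        if "H" in e.attrs and "S" in e.attrs:
            reasons.append("hidden and system attributes set")
        if reasons:
            flagged.append((str(e.path), reasons))
    return flagged


# Constructed sample in the report's format (example names, not taken from a real scan).
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========

[2012/08/10 17:53:59 | 2950,008,832 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 06:17:41 | 000,008,354 | -HS- | M] () -- C:\WINDOWS\System32\example1.sys
[2012/08/04 20:51:08 | 001,561,792 | ---- | M] (Example Vendor, LLC) -- C:\Documents and Settings\ME\Desktop\example_installer.exe
[2012/08/06 18:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\ExampleApp
[2012/08/10 18:05:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\example2.exe
[31 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""

if __name__ == "__main__":
    for path, reasons in review(parse_log(SAMPLE)):
        print(f"{path}: {'; '.join(reasons)}")
```

The Windows hibernation file `C:\hiberfil.sys` is flagged by both rules, which is why the output is a review list and each hit still has to be checked by hand.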

#12
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
After you've run Malwarebytes Anti-Malware and posted the log file, please do this:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000019b91b4c90
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    [2009/10/02 20:49:01 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\ChoiceGuard@Microsoft
    [2012/05/23 20:52:23 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\extensions\[email protected]
    [2010/02/04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\Mozilla\Firefox\Profiles\85m9xln3.default\searchplugins\askcom.xml
    [92 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [31 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    :Files
    C:\Documents and Settings\Administrator\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Babylon
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\ME\Application Data\Babylon
    C:\Program Files\Viewpoint
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

1. Did OTL freeze again, or did it run successfully?
2. How is your PC running now?
  • 0

#13
paukid

paukid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hi,
Here is the MBAM report that was in the log tab. It looks different than what was produced after the MBAM scan but this is what was in the log.

There were 5 malware items that Malwarebytes deleted.

Still not able to open anything by double left clicking

I await your next steps

thank you again as always
Paul

2012/08/11 04:25:32 -0400 PAUKID ME MESSAGE Starting IP protection
2012/08/11 04:25:35 -0400 PAUKID ME MESSAGE IP Protection started successfully
2012/08/11 08:28:52 -0400 PAUKID ME MESSAGE Starting database refresh
2012/08/11 08:28:52 -0400 PAUKID ME MESSAGE Stopping IP protection
2012/08/11 08:28:52 -0400 PAUKID ME MESSAGE IP Protection stopped
2012/08/11 08:28:58 -0400 PAUKID ME MESSAGE Database refreshed successfully
2012/08/11 08:28:58 -0400 PAUKID ME MESSAGE Starting IP protection
2012/08/11 08:29:00 -0400 PAUKID ME MESSAGE IP Protection started successfully
2012/08/11 08:58:20 -0400 PAUKID MESSAGE Starting protection
2012/08/11 08:58:52 -0400 PAUKID ME MESSAGE Protection started successfully
2012/08/11 08:58:55 -0400 PAUKID ME MESSAGE Starting IP protection
2012/08/11 08:59:16 -0400 PAUKID ME MESSAGE IP Protection started successfully
  • 0

#14
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please run the OTL fix as instructed in my previous post. :)

1. Did OTL freeze again, or did it run successfully?
2. How is your PC running now?
  • 0

#15
paukid

paukid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hello,
I ran OTL and it ran successfully this time. I am still unable to open any of my Microsoft programs with a double left click or even with a right click and selecting OPEN. Internet Explorer will not open, nor will Media Player, any of my games, or Microsoft Office programs (WORD/EXCEL etc.). I am also still unable to open any JPEG files etc. It's almost like the installer programs that allow these programs to open up are gone. Can you tell if I have everything I need on my computer to open up these programs again?

I just went to reboot and Windows wanted to install an update, so that is what is happening now, but it tried to do this a few days ago before you and I started to work together and it just locked up and never really downloaded the update. As I write this to you on my other computer, it looks like it is happening again and has locked up. I will probably have to shut down manually and reboot.

Also, another thing I wanted to let you know is that for a few weeks now, when I go to start up my computer and you get to the black screen that says "Please select the operating system to start:" on top of the screen? For the past 3 or 4 weeks I have needed to highlight the bar that says, "Windows XP Media Center Edition" in order to start Windows manually. In the past, my computer used to just do this automatically but now it stops at that screen until you hit enter manually.

I am getting discouraged that this may not be able to be fixed :( I hope you can still help

thanks
Paul
  • 0





