Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I don't know what I have, if I have it!

Started by v.of.t.us , Oct 03 2012 09:09 PM

  • Please log in to reply

#1
v.of.t.us
Posted 03 October 2012 - 09:09 PM

v.of.t.us

    Member

  • Member
  • PipPip
  • 63 posts
Windows updates not installing, or indicating it was installed but continues to indicate it needs to be installed. I now have them hidden. I also tried to upgrade to IE 8 through updates, in the update history it indicates it has been installed but the program is IE7.

It all started with Avast indicating it wasn't working. I wasn't able to "fix it", uninstall or reinstall it (I don't remember the error message). I found a removal tool, ran it in safe mode, which successfully completely removed it, then I was able to reinstall it. Ran a boottime scan with nothing found. Removed several programs through "programs and features" uninstall.

Now receiving several information boxes when opening IE "This page is accessing information that is not under it control. This poses a security risk. Do you want to continue". The program will stop working and shut down on occasion.

In running OTL quick scan an error message of "There is no disk in the drive. Please insert a disk in the drive \Device\Harddisk4\DR4" I have a screen print of this error if you would like to see it. I had to select "cancel" 10 times before the scan continued.

I have total faith in GTG, you have helped me with friend's systems with total success. This is my system, thanks for your help in advance. Vilma

OTL logfile created on: 10/3/2012 9:09:47 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Vaughan's\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.22% Memory free
4.23 Gb Paging File | 2.73 Gb Available in Paging File | 64.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281.79 Gb Total Space | 115.63 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.84 Gb Free Space | 58.43% Space Free | Partition Type: NTFS

Computer Name: VAUGHANS-PC | User Name: Vaughan's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/03 21:07:30 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 00:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 00:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 00:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/12/20 08:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 08:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/04 14:52:08 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/18 07:01:42 | 000,182,744 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2006/11/18 07:01:32 | 000,272,856 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/11/12 02:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/02 07:33:21 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 12:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/26 10:56:00 | 000,423,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2006/04/28 09:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/14 06:39:13 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\65f4d9a8fc295689d68109d0099b356b\System.Management.ni.dll
MOD - [2011/09/14 06:38:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9c6fe9d44d22834993e9aa23cc9dc272\System.Windows.Forms.ni.dll
MOD - [2011/09/14 06:38:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\64b4c60e1b2b417000db5d8c2828a53f\System.Drawing.ni.dll
MOD - [2011/09/14 06:38:33 | 011,801,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cbca3ed989b8fc96e76f14602ad9c424\System.Web.ni.dll
MOD - [2011/09/14 06:38:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4a2709dbba56d5df9d51d86e68af99ad\System.Runtime.Remoting.ni.dll
MOD - [2011/09/14 06:38:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f4e9769eaf42b9c2c0d795b1a99c3dbc\System.Xml.ni.dll
MOD - [2011/09/14 06:38:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\415e665ca509b2ed73569278ad57f043\System.Configuration.ni.dll
MOD - [2011/09/14 06:26:14 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b8e4a9556d3ddd49ec70aae0516c2007\System.ni.dll
MOD - [2011/09/14 06:26:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
MOD - [2010/09/10 21:20:51 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/12/20 08:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/12/20 08:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2006/10/24 23:44:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2012/09/21 07:00:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/09/07 11:45:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/21 00:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/12 19:25:22 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/02/12 19:25:16 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2009/02/12 19:25:16 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/02/12 19:25:14 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snman380.sys -- (snapman380)
DRV - [2008/12/17 01:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/12/17 01:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 22:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/11 20:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/09 06:57:52 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/24 23:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A88135E-B445-4749-BA63-5A5DA6B39EF8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{6A88135E-B445-4749-BA63-5A5DA6B39EF8}: "URL" = http://search.yahoo....ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad.wildblue.com/wpad.dat

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6A88135E-B445-4749-BA63-5A5DA6B39EF8}: "URL" = http://search.yahoo....ferrer:source?}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009/09/18 09:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vaughan's\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Vaughan's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2009/11/18 20:30:19 | 000,357,492 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 12263 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HPAIO_PrintFolderMgr] C:\Windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Search - ?p=ZNxmk772MNUS File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: wildblue.net ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Unable to open value key)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.189.32.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CE29D6-1893-4CDA-B1C9-B60078A6B1BB}: DhcpNameServer = 12.189.32.61
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vaughan's\Pictures\zebra[1].jpg
O24 - Desktop BackupWallPaper: C:\Users\Vaughan's\Pictures\zebra[1].jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\Shell\AutoRun\command - "" = G:\PhotoViewer.exe
O33 - MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/03 21:07:16 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
[2012/10/03 06:59:19 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/03 06:59:19 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/03 06:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/03 06:59:10 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/03 06:59:10 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/03 06:59:10 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/10/03 06:59:09 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/03 06:58:18 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/03 06:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/03 06:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/01 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\Vaughan's\Desktop\arches
[2012/09/27 06:38:30 | 000,000,000 | ---D | C] -- C:\bd262357ca8e37f92dfeeb266070

========== Files - Modified Within 30 Days ==========

[2012/10/03 21:13:45 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{30407CB6-FBC4-47DD-BA61-15B1A43B98AA}.job
[2012/10/03 21:13:14 | 000,002,627 | ---- | M] () -- C:\Users\Vaughan's\Desktop\Microsoft Office Word 2007.lnk
[2012/10/03 21:09:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/03 21:07:30 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
[2012/10/03 20:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/03 20:47:32 | 000,002,633 | ---- | M] () -- C:\Users\Vaughan's\Desktop\Microsoft Office Outlook 2007.lnk
[2012/10/03 20:37:36 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 20:37:36 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 18:37:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/03 18:37:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/03 12:08:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/03 06:59:20 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/03 06:59:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2012/10/03 06:59:20 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2009/07/23 08:05:58 | 000,000,680 | ---- | C] () -- C:\Users\Vaughan's\AppData\Local\d3d9caps.dat
[2008/08/09 17:12:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/04 10:27:06 | 000,000,632 | RHS- | C] () -- C:\Users\Vaughan's\ntuser.pol
[2007/04/11 22:50:14 | 000,236,032 | ---- | C] () -- C:\Users\Vaughan's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/09/06 07:31:35 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Acronis
[2009/10/02 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Advanced Audio Recorder
[2011/03/06 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Catalina Marketing Corp
[2009/03/20 06:18:32 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/02 21:37:58 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Dropbox
[2009/10/19 07:45:58 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Gold Casual Games
[2009/11/07 12:26:31 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\GSplit
[2011/12/01 08:18:54 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\jdvoicemail
[2008/10/29 06:21:21 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Leadertech
[2012/01/05 09:54:51 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\LimeWire
[2009/10/19 15:39:25 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\QuotePad
[2009/10/28 08:22:36 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\SecondLife
[2009/08/21 22:09:17 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Ubisoft
[2009/09/23 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\w.bloggar
[2009/09/25 11:34:59 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:B0D4D817
@Alternate Data Stream - 164 bytes -> C:\Users\Vaughan's\Desktop\Porch Material List.TIF:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:BBE01348
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:25DB76AE

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 04 October 2012 - 07:09 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets check your system out

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
@Alternate Data Stream - 164 bytes -> C:\Users\Vaughan's\Desktop\Porch Material List.TIF:3or4kl4x13tuuug3Byamue2s4b

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
v.of.t.us
Posted 04 October 2012 - 07:46 PM

v.of.t.us

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Hiya, Thanks for your help.

Below are the logs. in running the OTL quick scan, I received the same error about the disk, I cancel the message 9 times, and it continued.

OTL logfile created on: 10/4/2012 7:50:37 PM - Run 2
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Vaughan's\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.65% Memory free
4.23 Gb Paging File | 2.91 Gb Available in Paging File | 68.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281.79 Gb Total Space | 115.58 Gb Free Space | 41.02% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.84 Gb Free Space | 58.43% Space Free | Partition Type: NTFS

Computer Name: VAUGHANS-PC | User Name: Vaughan's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/03 21:07:30 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 00:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 00:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 00:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/12/20 08:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 08:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 02:33:16 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/04 14:52:08 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/18 07:01:42 | 000,182,744 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2006/11/18 07:01:32 | 000,272,856 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/11/12 02:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/02 07:33:21 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 12:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/26 10:56:00 | 000,423,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2006/04/28 09:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/14 06:39:13 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\65f4d9a8fc295689d68109d0099b356b\System.Management.ni.dll
MOD - [2011/09/14 06:38:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9c6fe9d44d22834993e9aa23cc9dc272\System.Windows.Forms.ni.dll
MOD - [2011/09/14 06:38:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\64b4c60e1b2b417000db5d8c2828a53f\System.Drawing.ni.dll
MOD - [2011/09/14 06:38:33 | 011,801,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cbca3ed989b8fc96e76f14602ad9c424\System.Web.ni.dll
MOD - [2011/09/14 06:38:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4a2709dbba56d5df9d51d86e68af99ad\System.Runtime.Remoting.ni.dll
MOD - [2011/09/14 06:38:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f4e9769eaf42b9c2c0d795b1a99c3dbc\System.Xml.ni.dll
MOD - [2011/09/14 06:38:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\415e665ca509b2ed73569278ad57f043\System.Configuration.ni.dll
MOD - [2011/09/14 06:26:14 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b8e4a9556d3ddd49ec70aae0516c2007\System.ni.dll
MOD - [2011/09/14 06:26:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
MOD - [2010/09/10 21:20:51 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/12/20 08:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/12/20 08:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2006/10/24 23:44:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2012/09/21 07:00:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/09/07 11:45:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/21 00:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/12 19:25:22 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/02/12 19:25:16 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2009/02/12 19:25:16 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/02/12 19:25:14 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snman380.sys -- (snapman380)
DRV - [2008/12/17 01:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/12/17 01:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 22:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/11 20:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/09 06:57:52 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/24 23:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A88135E-B445-4749-BA63-5A5DA6B39EF8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{6A88135E-B445-4749-BA63-5A5DA6B39EF8}: "URL" = http://search.yahoo....ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad.wildblue.com/wpad.dat

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6A88135E-B445-4749-BA63-5A5DA6B39EF8}: "URL" = http://search.yahoo....ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009/09/18 09:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vaughan's\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Vaughan's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2012/10/04 19:37:37 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HPAIO_PrintFolderMgr] C:\Windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Search - ?p=ZNxmk772MNUS File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: wildblue.net ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Unable to open value key)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.189.32.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CE29D6-1893-4CDA-B1C9-B60078A6B1BB}: DhcpNameServer = 12.189.32.61
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vaughan's\Pictures\zebra[1].jpg
O24 - Desktop BackupWallPaper: C:\Users\Vaughan's\Pictures\zebra[1].jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\Shell\AutoRun\command - "" = G:\PhotoViewer.exe
O33 - MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/04 19:37:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/03 21:07:16 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
[2012/10/03 06:59:19 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/03 06:59:19 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/03 06:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/03 06:59:10 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/03 06:59:10 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/03 06:59:10 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/10/03 06:59:09 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/03 06:58:18 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/03 06:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/03 06:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/01 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\Vaughan's\Desktop\arches
[2012/09/27 06:38:30 | 000,000,000 | ---D | C] -- C:\bd262357ca8e37f92dfeeb266070

========== Files - Modified Within 30 Days ==========

[2012/10/04 19:51:49 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{30407CB6-FBC4-47DD-BA61-15B1A43B98AA}.job
[2012/10/04 19:44:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 19:42:00 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 19:42:00 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 19:41:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/04 19:37:37 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/04 19:23:31 | 000,002,633 | ---- | M] () -- C:\Users\Vaughan's\Desktop\Microsoft Office Outlook 2007.lnk
[2012/10/04 19:09:17 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 18:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/04 12:08:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/03 21:13:14 | 000,002,627 | ---- | M] () -- C:\Users\Vaughan's\Desktop\Microsoft Office Word 2007.lnk
[2012/10/03 21:07:30 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
[2012/10/03 06:59:20 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/03 06:59:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2012/10/03 06:59:20 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2009/07/23 08:05:58 | 000,000,680 | ---- | C] () -- C:\Users\Vaughan's\AppData\Local\d3d9caps.dat
[2008/08/09 17:12:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/04 10:27:06 | 000,000,632 | RHS- | C] () -- C:\Users\Vaughan's\ntuser.pol
[2007/04/11 22:50:14 | 000,236,032 | ---- | C] () -- C:\Users\Vaughan's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/09/06 07:31:35 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Acronis
[2009/10/02 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Advanced Audio Recorder
[2011/03/06 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Catalina Marketing Corp
[2009/03/20 06:18:32 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/02 21:37:58 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Dropbox
[2009/10/19 07:45:58 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Gold Casual Games
[2009/11/07 12:26:31 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\GSplit
[2011/12/01 08:18:54 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\jdvoicemail
[2008/10/29 06:21:21 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Leadertech
[2012/01/05 09:54:51 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\LimeWire
[2009/10/19 15:39:25 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\QuotePad
[2009/10/28 08:22:36 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\SecondLife
[2009/08/21 22:09:17 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Ubisoft
[2009/09/23 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\w.bloggar
[2009/09/25 11:34:59 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:B0D4D817
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:BBE01348
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:25DB76AE

< End of report >


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 20:10:17
-----------------------------
20:10:17.206 OS Version: Windows 6.0.6002 Service Pack 2
20:10:17.206 Number of processors: 2 586 0xF06
20:10:17.207 ComputerName: VAUGHANS-PC UserName: Vaughan's
20:10:19.480 Initialize success
20:10:20.567 AVAST engine defs: 12100500
20:10:27.460 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
20:10:27.461 Disk 0 Vendor: WDC_WD32 21.0 Size: 305245MB BusType: 3
20:10:27.487 Disk 0 MBR read successfully
20:10:27.489 Disk 0 MBR scan
20:10:27.491 Disk 0 Windows VISTA default MBR code
20:10:27.495 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
20:10:27.501 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
20:10:27.518 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 288553 MB offset 21069848
20:10:27.521 Disk 0 Partition - 00 05 Extended 6400 MB offset 612028305
20:10:27.552 Disk 0 Partition 4 00 BC BOOTWIZ0 6400 MB offset 612028368
20:10:27.557 Disk 0 scanning sectors +625137345
20:10:27.608 Disk 0 scanning C:\Windows\system32\drivers
20:10:43.819 Service scanning
20:11:09.193 Modules scanning
20:11:39.389 Disk 0 trace - called modules:
20:11:39.407 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
20:11:39.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873154d0]
20:11:39.414 3 CLASSPNP.SYS[891898b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x85fed030]
20:11:40.526 AVAST engine scan C:\Windows
20:11:43.960 AVAST engine scan C:\Windows\system32
20:16:06.938 AVAST engine scan C:\Windows\system32\drivers
20:16:37.605 AVAST engine scan C:\Users\Vaughan's
20:36:09.598 AVAST engine scan C:\ProgramData
20:44:19.011 Scan finished successfully
20:45:58.710 Disk 0 MBR has been saved successfully to "C:\Users\Vaughan's\Desktop\MBR.dat"
20:45:58.715 The log file has been saved successfully to "C:\Users\Vaughan's\Desktop\aswMBR.txt"
  • 0

#4
Essexboy
Posted 05 October 2012 - 06:02 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

20:10:27.495 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
20:10:27.501 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
20:10:27.518 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 288553 MB offset 21069848
20:10:27.521 Disk 0 Partition - 00 05 Extended 6400 MB offset 612028305
20:10:27.552 Disk 0 Partition 4 00 BC BOOTWIZ0 6400 MB offset 612028368

This appears to be the reason for the disc error

So I would like a slightly different look at the MBR

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
    Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.

  • 0

#5
v.of.t.us
Posted 05 October 2012 - 06:18 AM

v.of.t.us

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
hmmm, hardware issue?

Here's the report:

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Vaughan's [Admin rights]
Mode : Scan -- Date : 10/05/2012 07:13:39

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Windows\TEMP\logishrd\LVPrcInj04.dll -> UNLOADED

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] Seagate 2GHKD0B6 Product Registration (Vaughan's) : C:\Users\Vaughan's\AppData\Roaming\Leadertech\PowerRegister\Seagate 2GHKD0B6 Product Registration.exe /remind /language=ENU /loadsrnm="2GHKD0B6" /SRNM="2GHKD0B6" /BRND="Seagate" /BDSR="Seagate 2GHKD0B6" -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿ₫1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200KS-75PFB0 +++++
--- User ---
[MBR] 79ca405704049314cc60ebd6a32ef0b1
[BSP] cb96dfa00f188250b5f4e01fecd4dba3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069848 | Size: 288553 Mo
3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 612028305 | Size: 6400 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Thank you for your help, V.
  • 0

#6
Essexboy
Posted 05 October 2012 - 06:25 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Maybe not hardware as aswMBR reports 5 partitions but all else report 4

Lets run a check disc first. There are step by step instructions here use method 1

On completion could you re-run OTL and let me know if you get the same error
  • 0

#7
v.of.t.us
Posted 05 October 2012 - 09:00 PM

v.of.t.us

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Okay,

Check disk has run without errors, OTL scan contiues to give the drive error (attached is the screen print). At the bottom of the OTL window, where it indicates the files being scanned; the error is displayed when the "KEY_CURRENT_USER\SOFTWARE\Microsoft\WIndows\CurrentVersion\Explorer\MountPoints2\{dd8f4b50-1"is to be scanned. I select the cancel button 4 times, then the next file is "KEY_CURRENT_USER\SOFTWARE\Microsoft\WIndows\CurrentVersion\Explorer\MountPoints2\l\shell\Auto", again I select the cancel the button 5 times, the error clears and the scan contiues without further error.

Also, IE continues to display an information box as the home page, or while the yahoo page, loads. I don;t get the information boxes when I'm on the GTG page. And when I close out of the home page or yahoo page, I get a box indicating Internet Explorer has quit working, and is closing. I don't get that error when I close out of GTG site. I hope this information helps in some way.

Here is the log from the last OTL scan.

OTL logfile created on: 10/5/2012 9:10:03 PM - Run 3
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Vaughan's\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.52% Memory free
4.23 Gb Paging File | 3.11 Gb Available in Paging File | 73.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281.79 Gb Total Space | 116.30 Gb Free Space | 41.27% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.84 Gb Free Space | 58.43% Space Free | Partition Type: NTFS

Computer Name: VAUGHANS-PC | User Name: Vaughan's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/03 21:07:30 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 00:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 00:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 00:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/12/20 08:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 08:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/04 14:52:08 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/18 07:01:42 | 000,182,744 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2006/11/18 07:01:32 | 000,272,856 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/11/12 02:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/02 07:33:21 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 12:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/26 10:56:00 | 000,423,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2006/04/28 09:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/14 06:39:13 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\65f4d9a8fc295689d68109d0099b356b\System.Management.ni.dll
MOD - [2011/09/14 06:38:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9c6fe9d44d22834993e9aa23cc9dc272\System.Windows.Forms.ni.dll
MOD - [2011/09/14 06:38:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\64b4c60e1b2b417000db5d8c2828a53f\System.Drawing.ni.dll
MOD - [2011/09/14 06:38:33 | 011,801,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cbca3ed989b8fc96e76f14602ad9c424\System.Web.ni.dll
MOD - [2011/09/14 06:38:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4a2709dbba56d5df9d51d86e68af99ad\System.Runtime.Remoting.ni.dll
MOD - [2011/09/14 06:38:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f4e9769eaf42b9c2c0d795b1a99c3dbc\System.Xml.ni.dll
MOD - [2011/09/14 06:38:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\415e665ca509b2ed73569278ad57f043\System.Configuration.ni.dll
MOD - [2011/09/14 06:26:14 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b8e4a9556d3ddd49ec70aae0516c2007\System.ni.dll
MOD - [2011/09/14 06:26:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
MOD - [2010/09/10 21:20:51 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/12/20 08:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/12/20 08:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2006/10/24 23:44:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2012/09/21 07:00:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/09/07 11:45:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/21 00:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/12 19:25:22 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/02/12 19:25:16 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2009/02/12 19:25:16 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/02/12 19:25:14 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snman380.sys -- (snapman380)
DRV - [2008/12/17 01:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/12/17 01:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 22:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/11 20:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/09 06:57:52 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/24 23:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A88135E-B445-4749-BA63-5A5DA6B39EF8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{6A88135E-B445-4749-BA63-5A5DA6B39EF8}: "URL" = http://search.yahoo....ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad.wildblue.com/wpad.dat

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6A88135E-B445-4749-BA63-5A5DA6B39EF8}: "URL" = http://search.yahoo....ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009/09/18 09:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vaughan's\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Vaughan's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2012/10/04 19:37:37 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HPAIO_PrintFolderMgr] C:\Windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Search - ?p=ZNxmk772MNUS File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: wildblue.net ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Unable to open value key)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.189.32.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CE29D6-1893-4CDA-B1C9-B60078A6B1BB}: DhcpNameServer = 12.189.32.61
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vaughan's\Pictures\zebra[1].jpg
O24 - Desktop BackupWallPaper: C:\Users\Vaughan's\Pictures\zebra[1].jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\Shell\AutoRun\command - "" = G:\PhotoViewer.exe
O33 - MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 07:10:57 | 000,000,000 | ---D | C] -- C:\Users\Vaughan's\Desktop\RK_Quarantine
[2012/10/04 20:09:17 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Vaughan's\Desktop\aswMBR.exe
[2012/10/04 19:37:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/03 21:07:16 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
[2012/10/03 06:59:19 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/03 06:59:19 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/03 06:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/03 06:59:10 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/03 06:59:10 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/03 06:59:10 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/10/03 06:59:09 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/03 06:58:18 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/03 06:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/03 06:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/01 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\Vaughan's\Desktop\arches
[2012/09/27 06:38:30 | 000,000,000 | ---D | C] -- C:\bd262357ca8e37f92dfeeb266070

========== Files - Modified Within 30 Days ==========

[2012/10/05 21:15:19 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{30407CB6-FBC4-47DD-BA61-15B1A43B98AA}.job
[2012/10/05 21:09:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/05 20:59:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/05 19:56:54 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 19:56:54 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 12:08:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/05 09:57:19 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/05 09:56:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 07:10:05 | 001,422,336 | ---- | M] () -- C:\Users\Vaughan's\Desktop\RogueKiller.exe
[2012/10/04 21:28:47 | 000,002,633 | ---- | M] () -- C:\Users\Vaughan's\Desktop\Microsoft Office Outlook 2007.lnk
[2012/10/04 20:45:58 | 000,000,512 | ---- | M] () -- C:\Users\Vaughan's\Desktop\MBR.dat
[2012/10/04 20:09:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Vaughan's\Desktop\aswMBR.exe
[2012/10/04 19:37:37 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/03 21:13:14 | 000,002,627 | ---- | M] () -- C:\Users\Vaughan's\Desktop\Microsoft Office Word 2007.lnk
[2012/10/03 21:07:30 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
[2012/10/03 06:59:20 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/03 06:59:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2012/10/05 07:09:55 | 001,422,336 | ---- | C] () -- C:\Users\Vaughan's\Desktop\RogueKiller.exe
[2012/10/04 20:45:58 | 000,000,512 | ---- | C] () -- C:\Users\Vaughan's\Desktop\MBR.dat
[2012/10/03 06:59:20 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2009/07/23 08:05:58 | 000,000,680 | ---- | C] () -- C:\Users\Vaughan's\AppData\Local\d3d9caps.dat
[2008/08/09 17:12:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/04 10:27:06 | 000,000,632 | RHS- | C] () -- C:\Users\Vaughan's\ntuser.pol
[2007/04/11 22:50:14 | 000,236,032 | ---- | C] () -- C:\Users\Vaughan's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/09/06 07:31:35 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Acronis
[2009/10/02 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Advanced Audio Recorder
[2011/03/06 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Catalina Marketing Corp
[2009/03/20 06:18:32 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/02 21:37:58 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Dropbox
[2009/10/19 07:45:58 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Gold Casual Games
[2009/11/07 12:26:31 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\GSplit
[2011/12/01 08:18:54 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\jdvoicemail
[2008/10/29 06:21:21 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Leadertech
[2012/01/05 09:54:51 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\LimeWire
[2009/10/19 15:39:25 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\QuotePad
[2009/10/28 08:22:36 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\SecondLife
[2009/08/21 22:09:17 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Ubisoft
[2009/09/23 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\w.bloggar
[2009/09/25 11:34:59 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:B0D4D817
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:BBE01348
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:25DB76AE

< End of report >

Thank you, Vilma.
  • 0

#8
Essexboy
Posted 06 October 2012 - 04:21 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We have a minor problem with this version of OTL could you delete the current copy from your desktop and download this version, then run the following scan .. There will only be one log this time

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#9
v.of.t.us
Posted 06 October 2012 - 06:17 AM

v.of.t.us

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
The version of OTL, after I removed the last one and downloaded from the link you provided, is 3.2.69.0. It didn't have the option to to include 64 bits, it didn't produce the extras log.

OTL logfile created on: 10/6/2012 6:32:48 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vaughan's\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.44% Memory free
4.23 Gb Paging File | 2.84 Gb Available in Paging File | 67.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281.79 Gb Total Space | 118.05 Gb Free Space | 41.89% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.84 Gb Free Space | 58.43% Space Free | Partition Type: NTFS

Computer Name: VAUGHANS-PC | User Name: Vaughan's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 06:30:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2009/09/07 11:45:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 00:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 00:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 00:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/12/20 08:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 08:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/04 14:52:08 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/18 07:01:42 | 000,182,744 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2006/11/18 07:01:32 | 000,272,856 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/11/12 02:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/02 07:33:21 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 12:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/26 10:56:00 | 000,423,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2006/04/28 09:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 14:43:19 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2012/07/13 05:48:21 | 000,603,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswOtl.dll
MOD - [2012/02/19 07:57:12 | 002,359,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\b47b35ade29d637ac93c4483ed653cac\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2011/09/14 06:40:38 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\11e7010bbb22a78ec4f9310bb5906686\CustomMarshalers.ni.dll
MOD - [2011/09/14 06:39:35 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\0b4c5566118cc787cef138290afa52e8\Extensibility.ni.dll
MOD - [2011/09/14 06:39:29 | 004,466,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\aa16f0f0c8192b6e190ba4e9eed91750\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2011/09/14 06:39:26 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\848ebb638e1b40c18a11029aa79104f0\Microsoft.VisualBasic.ni.dll
MOD - [2011/09/14 06:39:21 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e948a2d060d56475952ef19fa50518c0\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2011/09/14 06:39:21 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\c5496864d29d85ef9c16abcc8b49f6b6\Iris.Mapi.MessageStore.ni.dll
MOD - [2011/09/14 06:39:13 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\65f4d9a8fc295689d68109d0099b356b\System.Management.ni.dll
MOD - [2011/09/14 06:39:11 | 003,826,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\47c48e56d4e283eb4a0d48691febed13\BusinessLayer.ni.dll
MOD - [2011/09/14 06:39:06 | 002,267,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\d4d7d22696b3c8c4f411ad8a46562272\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2011/09/14 06:39:02 | 001,039,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\fbfdbdf4391fe2dcb55c40dd82603024\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2011/09/14 06:39:02 | 000,177,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\dd823d19a81aebd5e1f3d11c89e46897\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2011/09/14 06:39:00 | 001,526,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\415962932ee105a74540afe36097063e\BCMRes.ni.dll
MOD - [2011/09/14 06:38:59 | 000,963,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\a8161bbc7e46370af24ec0ac7629f980\office.ni.dll
MOD - [2011/09/14 06:38:59 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\6fb97ad4786df4e2a5c0edaa3a284de8\stdole.ni.dll
MOD - [2011/09/14 06:38:58 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\e04b2aa02d542792300973a0ab81485c\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2011/09/14 06:38:57 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\e048802cc7e06c1935f91375418a6954\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2011/09/14 06:38:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9c6fe9d44d22834993e9aa23cc9dc272\System.Windows.Forms.ni.dll
MOD - [2011/09/14 06:38:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\64b4c60e1b2b417000db5d8c2828a53f\System.Drawing.ni.dll
MOD - [2011/09/14 06:38:33 | 011,801,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cbca3ed989b8fc96e76f14602ad9c424\System.Web.ni.dll
MOD - [2011/09/14 06:38:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4a2709dbba56d5df9d51d86e68af99ad\System.Runtime.Remoting.ni.dll
MOD - [2011/09/14 06:38:15 | 000,484,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\dab2870e4a77ef197de2d960090b9659\BCMCommon.ni.dll
MOD - [2011/09/14 06:38:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f4e9769eaf42b9c2c0d795b1a99c3dbc\System.Xml.ni.dll
MOD - [2011/09/14 06:38:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\415e665ca509b2ed73569278ad57f043\System.Configuration.ni.dll
MOD - [2011/09/14 06:26:14 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b8e4a9556d3ddd49ec70aae0516c2007\System.ni.dll
MOD - [2011/09/14 06:26:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/09/10 21:20:51 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/06/18 07:26:11 | 000,310,720 | ---- | M] () -- C:\Windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll
MOD - [2009/03/29 23:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/12/20 08:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/12/20 08:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2008/01/11 18:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll
MOD - [2008/01/07 07:47:40 | 000,591,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll
MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2006/10/24 23:44:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2012/09/21 07:00:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/09/07 11:45:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/21 00:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/12 19:25:22 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/02/12 19:25:16 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2009/02/12 19:25:16 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/02/12 19:25:14 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snman380.sys -- (snapman380)
DRV - [2008/12/17 01:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/12/17 01:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 22:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/11 20:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/09 06:57:52 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/24 23:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A88135E-B445-4749-BA63-5A5DA6B39EF8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{6A88135E-B445-4749-BA63-5A5DA6B39EF8}: "URL" = http://search.yahoo....ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad.wildblue.com/wpad.dat


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..\SearchScopes\{6A88135E-B445-4749-BA63-5A5DA6B39EF8}: "URL" = http://search.yahoo....ferrer:source?}
IE - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009/09/18 09:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vaughan's\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Vaughan's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2012/10/04 19:37:37 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HPAIO_PrintFolderMgr] C:\Windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O7 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Search - ?p=ZNxmk772MNUS File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..Trusted Domains: wildblue.net ([myaccount] https in Trusted sites)
O15 - HKU\S-1-5-21-847683800-2319636799-1453421709-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.189.32.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CE29D6-1893-4CDA-B1C9-B60078A6B1BB}: DhcpNameServer = 12.189.32.61
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vaughan's\Pictures\zebra[1].jpg
O24 - Desktop BackupWallPaper: C:\Users\Vaughan's\Pictures\zebra[1].jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\Shell\AutoRun\command - "" = G:\PhotoViewer.exe
O33 - MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 06:30:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
[2012/10/05 07:10:57 | 000,000,000 | ---D | C] -- C:\Users\Vaughan's\Desktop\RK_Quarantine
[2012/10/04 20:09:17 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Vaughan's\Desktop\aswMBR.exe
[2012/10/04 19:37:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/03 06:59:19 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/03 06:59:19 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/03 06:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/03 06:59:10 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/03 06:59:10 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/03 06:59:10 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/10/03 06:59:09 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/03 06:58:18 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/03 06:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/03 06:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/01 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\Vaughan's\Desktop\arches
[2012/09/27 06:38:30 | 000,000,000 | ---D | C] -- C:\bd262357ca8e37f92dfeeb266070

========== Files - Modified Within 30 Days ==========

[2012/10/06 06:30:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
[2012/10/06 06:24:54 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{30407CB6-FBC4-47DD-BA61-15B1A43B98AA}.job
[2012/10/06 06:24:23 | 000,002,633 | ---- | M] () -- C:\Users\Vaughan's\Desktop\Microsoft Office Outlook 2007.lnk
[2012/10/06 06:09:14 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/06 05:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/06 05:56:57 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 05:56:57 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 21:57:15 | 000,159,038 | ---- | M] () -- C:\Users\Vaughan's\Desktop\OTL scan error.pdf
[2012/10/05 12:08:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/05 09:57:19 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/05 09:56:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 07:10:05 | 001,422,336 | ---- | M] () -- C:\Users\Vaughan's\Desktop\RogueKiller.exe
[2012/10/04 20:09:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Vaughan's\Desktop\aswMBR.exe
[2012/10/04 19:37:37 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/03 21:13:14 | 000,002,627 | ---- | M] () -- C:\Users\Vaughan's\Desktop\Microsoft Office Word 2007.lnk
[2012/10/03 06:59:20 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/03 06:59:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2012/10/05 21:57:15 | 000,159,038 | ---- | C] () -- C:\Users\Vaughan's\Desktop\OTL scan error.pdf
[2012/10/05 07:09:55 | 001,422,336 | ---- | C] () -- C:\Users\Vaughan's\Desktop\RogueKiller.exe
[2012/10/03 06:59:20 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2009/07/23 08:05:58 | 000,000,680 | ---- | C] () -- C:\Users\Vaughan's\AppData\Local\d3d9caps.dat
[2008/08/09 17:12:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/04 10:27:06 | 000,000,632 | RHS- | C] () -- C:\Users\Vaughan's\ntuser.pol
[2007/04/11 22:50:14 | 000,236,032 | ---- | C] () -- C:\Users\Vaughan's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/09/06 07:31:35 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Acronis
[2009/10/02 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Advanced Audio Recorder
[2011/03/06 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Catalina Marketing Corp
[2009/03/20 06:18:32 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/02 21:37:58 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Dropbox
[2009/10/19 07:45:58 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Gold Casual Games
[2009/11/07 12:26:31 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\GSplit
[2011/12/01 08:18:54 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\jdvoicemail
[2008/10/29 06:21:21 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Leadertech
[2012/01/05 09:54:51 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\LimeWire
[2009/10/19 15:39:25 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\QuotePad
[2009/10/28 08:22:36 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\SecondLife
[2009/08/21 22:09:17 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Ubisoft
[2009/09/23 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\w.bloggar
[2009/09/25 11:34:59 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 02:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 02:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 01:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009/06/15 07:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 01:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 02:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2009/04/11 01:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 01:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/11 01:28:18 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 02:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 01:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 02:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 01:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 01:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 02:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 02:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 02:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 02:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 02:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 01:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2009/04/11 01:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2009/06/15 07:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 01:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 02:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 01:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 02:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009/06/15 07:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 01:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009/04/11 01:28:24 | 000,122,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/04/11 01:28:24 | 000,247,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 01:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2009/04/11 01:28:24 | 000,595,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 01:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/04/11 01:28:24 | 000,247,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 01:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 01:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 02:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 01:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 01:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 01:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 01:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 01:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/08/06 21:23:45 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 01:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 14:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 06:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 17:40:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 17:40:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/19 02:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006/11/02 04:46:12 | 000,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[2007/08/29 16:40:15 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[2007/08/29 16:40:15 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=F1148566FA5173A4FD48AF8E8BC09401 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.AIP >
[2008/09/18 03:07:48 | 000,118,784 | ---- | M] (Adobe Systems Incorporated) MD5=41EE0A80B951D675B9227F29651511E0 -- C:\Program Files\Adobe\Adobe Illustrator CS4\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.EXE >
[2008/01/19 02:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 04:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 07:39:23 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:39:23 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2010/04/13 23:48:00 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C780967616B794778D1B444B1DB550BB -- C:\Windows\System32\fr-FR\services.exe.mui
[2010/04/13 23:48:00 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C780967616B794778D1B444B1DB550BB -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_0a4957fe1c0324f4\services.exe.mui
[2010/04/13 23:30:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=EF434E74FAA9EB9181B73817B851C0D8 -- C:\Windows\System32\pt-PT\services.exe.mui
[2010/04/13 23:30:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=EF434E74FAA9EB9181B73817B851C0D8 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_pt-pt_6a448b0b952d8a68\services.exe.mui

< MD5 for: SERVICES.ICO >
[2005/12/14 18:21:08 | 000,007,318 | ---- | M] () MD5=9443DA63ACDF55D7D153D6B22E40722E -- C:\Program Files\Yahoo!\Common\icons\services.ico

< MD5 for: SERVICES.LNK >
[2008/09/20 07:09:45 | 000,001,688 | ---- | M] () MD5=07DABE4BF61B9889721F8F70A3D045ED -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/09/20 07:09:45 | 000,001,688 | ---- | M] () MD5=07DABE4BF61B9889721F8F70A3D045ED -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2010/04/13 23:48:57 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\System32\fr-FR\services.msc
[2010/04/13 23:48:57 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_448b27e9f26cbee7\services.msc
[2006/11/02 07:39:59 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 07:39:59 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
[2010/04/13 23:30:04 | 000,092,750 | ---- | M] () MD5=D10CEC9EE745D47F175851A96897BA51 -- C:\Windows\System32\pt-PT\services.msc
[2010/04/13 23:30:04 | 000,092,750 | ---- | M] () MD5=D10CEC9EE745D47F175851A96897BA51 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_pt-pt_a4865af76b97245b\services.msc

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:B0D4D817
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:BBE01348
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:25DB76AE

< End of report >


Thank you, VIlma
  • 0

#10
Essexboy
Posted 06 October 2012 - 07:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I see it now as one of the mountpoints references drive L

I wil clear those away, once done could you let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
O33 - MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\Shell\AutoRun\command - "" = G:\PhotoViewer.exe
O33 - MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\Shell - "" = AutoRun
O33 - MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

Advertisements

#11
v.of.t.us
Posted 06 October 2012 - 11:12 PM

v.of.t.us

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
hmmm interesting the "l" drive is my external hard drive when I have it turned on and powered up, it also the drive my Acronis Backup is on.

After runniing the fix and rebooting I continue to experience the updates wanting to be installed once they have been installed along with the error in IE.

Here's my log:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47dc0a90-a2b5-11de-b0cf-0019d1601368}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86fd41c9-e4e5-11df-b91d-0019d1601368}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86fd41c9-e4e5-11df-b91d-0019d1601368}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86fd41c9-e4e5-11df-b91d-0019d1601368}\ not found.
File G:\PhotoViewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd8f4b50-1f8b-11de-854e-0019d1601368}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd8f4b50-1f8b-11de-854e-0019d1601368}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd8f4b50-1f8b-11de-854e-0019d1601368}\ not found.
File M:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe -a not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Vaughan's
->Temp folder emptied: 36987662973 bytes
->Temporary Internet Files folder emptied: 197591423 bytes
->Java cache emptied: 3117985 bytes
->Flash cache emptied: 177204 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 730207758 bytes
RecycleBin emptied: 742618 bytes

Total Files Cleaned = 36,163.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10062012_234925

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\logishrd\LVPrcInj04.dll not found!
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Thank you Vilma
  • 0

#12
Essexboy
Posted 07 October 2012 - 04:55 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

After runniing the fix and rebooting I continue to experience the updates wanting to be installed once they have been installed along with the error in IE.


Reference the updates what KB number is referenced


Also, IE continues to display an information box as the home page, or while the yahoo page, loads. I don;t get the information boxes when I'm on the GTG page

Could you attach a screen shot of the warning
  • 0

#13
v.of.t.us
Posted 07 October 2012 - 06:04 AM

v.of.t.us

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
the OTL log I sent last night was not a quick scan log, my apologies, here it is.

The capture1 attachment is a "snip it" of my windows updates screen, note how the updates (same KB) continue to install each day, also, where I installed IE8. The other attachment (document1) has the version of IE running on my system, and the errors I am getting from IE.

Thank you so much for you help. Vilma


OTL logfile created on: 10/7/2012 12:13:49 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vaughan's\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.54% Memory free
4.23 Gb Paging File | 2.84 Gb Available in Paging File | 67.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281.79 Gb Total Space | 155.78 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.84 Gb Free Space | 58.43% Space Free | Partition Type: NTFS

Computer Name: VAUGHANS-PC | User Name: Vaughan's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 06:30:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 00:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 00:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 00:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/12/20 08:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 08:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/04 14:52:08 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/18 07:01:42 | 000,182,744 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2006/11/18 07:01:32 | 000,272,856 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/11/12 02:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/02 07:33:21 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 12:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/26 10:56:00 | 000,423,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2006/04/28 09:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/14 06:39:13 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\65f4d9a8fc295689d68109d0099b356b\System.Management.ni.dll
MOD - [2011/09/14 06:38:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9c6fe9d44d22834993e9aa23cc9dc272\System.Windows.Forms.ni.dll
MOD - [2011/09/14 06:38:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\64b4c60e1b2b417000db5d8c2828a53f\System.Drawing.ni.dll
MOD - [2011/09/14 06:38:33 | 011,801,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cbca3ed989b8fc96e76f14602ad9c424\System.Web.ni.dll
MOD - [2011/09/14 06:38:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4a2709dbba56d5df9d51d86e68af99ad\System.Runtime.Remoting.ni.dll
MOD - [2011/09/14 06:38:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f4e9769eaf42b9c2c0d795b1a99c3dbc\System.Xml.ni.dll
MOD - [2011/09/14 06:38:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\415e665ca509b2ed73569278ad57f043\System.Configuration.ni.dll
MOD - [2011/09/14 06:26:14 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b8e4a9556d3ddd49ec70aae0516c2007\System.ni.dll
MOD - [2011/09/14 06:26:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
MOD - [2010/09/10 21:20:51 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/01/18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2008/12/20 08:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/12/20 08:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2007/11/16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007/11/16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
MOD - [2006/10/24 23:44:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2012/09/21 07:00:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/09/07 11:45:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/21 00:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/12 19:25:22 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/02/12 19:25:16 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2009/02/12 19:25:16 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/02/12 19:25:14 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snman380.sys -- (snapman380)
DRV - [2008/12/17 01:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/12/17 01:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 22:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/11 20:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/09 06:57:52 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/24 23:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A88135E-B445-4749-BA63-5A5DA6B39EF8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{6A88135E-B445-4749-BA63-5A5DA6B39EF8}: "URL" = http://search.yahoo....ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad.wildblue.com/wpad.dat

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6A88135E-B445-4749-BA63-5A5DA6B39EF8}: "URL" = http://search.yahoo....ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009/09/18 09:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vaughan's\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Vaughan's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2012/10/04 19:37:37 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HPAIO_PrintFolderMgr] C:\Windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Search - ?p=ZNxmk772MNUS File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/11/15 20:18:55 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: wildblue.net ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.189.32.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CE29D6-1893-4CDA-B1C9-B60078A6B1BB}: DhcpNameServer = 12.189.32.61
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vaughan's\Pictures\zebra[1].jpg
O24 - Desktop BackupWallPaper: C:\Users\Vaughan's\Pictures\zebra[1].jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 06:30:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
[2012/10/05 07:10:57 | 000,000,000 | ---D | C] -- C:\Users\Vaughan's\Desktop\RK_Quarantine
[2012/10/04 20:09:17 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Vaughan's\Desktop\aswMBR.exe
[2012/10/04 19:37:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/03 06:59:19 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/03 06:59:19 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/03 06:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/03 06:59:10 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/03 06:59:10 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/03 06:59:10 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/10/03 06:59:09 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/03 06:58:18 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/03 06:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/03 06:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/01 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\Vaughan's\Desktop\arches
[2012/09/27 06:38:30 | 000,000,000 | ---D | C] -- C:\bd262357ca8e37f92dfeeb266070

========== Files - Modified Within 30 Days ==========

[2012/10/07 00:09:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 00:05:34 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{30407CB6-FBC4-47DD-BA61-15B1A43B98AA}.job
[2012/10/06 23:59:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/06 23:57:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/06 23:57:33 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 23:57:33 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 23:57:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/06 12:08:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/06 06:30:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vaughan's\Desktop\OTL.exe
[2012/10/06 06:24:23 | 000,002,633 | ---- | M] () -- C:\Users\Vaughan's\Desktop\Microsoft Office Outlook 2007.lnk
[2012/10/05 21:57:15 | 000,159,038 | ---- | M] () -- C:\Users\Vaughan's\Desktop\OTL scan error.pdf
[2012/10/05 07:10:05 | 001,422,336 | ---- | M] () -- C:\Users\Vaughan's\Desktop\RogueKiller.exe
[2012/10/04 20:09:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Vaughan's\Desktop\aswMBR.exe
[2012/10/04 19:37:37 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/03 21:13:14 | 000,002,627 | ---- | M] () -- C:\Users\Vaughan's\Desktop\Microsoft Office Word 2007.lnk
[2012/10/03 06:59:20 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/03 06:59:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2012/10/05 21:57:15 | 000,159,038 | ---- | C] () -- C:\Users\Vaughan's\Desktop\OTL scan error.pdf
[2012/10/05 07:09:55 | 001,422,336 | ---- | C] () -- C:\Users\Vaughan's\Desktop\RogueKiller.exe
[2012/10/03 06:59:20 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2009/07/23 08:05:58 | 000,000,680 | ---- | C] () -- C:\Users\Vaughan's\AppData\Local\d3d9caps.dat
[2008/08/09 17:12:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/04 10:27:06 | 000,000,632 | RHS- | C] () -- C:\Users\Vaughan's\ntuser.pol
[2007/04/11 22:50:14 | 000,236,032 | ---- | C] () -- C:\Users\Vaughan's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/09/06 07:31:35 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Acronis
[2009/10/02 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Advanced Audio Recorder
[2011/03/06 19:13:32 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Catalina Marketing Corp
[2009/03/20 06:18:32 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/02 21:37:58 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Dropbox
[2009/10/19 07:45:58 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Gold Casual Games
[2009/11/07 12:26:31 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\GSplit
[2011/12/01 08:18:54 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\jdvoicemail
[2008/10/29 06:21:21 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Leadertech
[2012/01/05 09:54:51 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\LimeWire
[2009/10/19 15:39:25 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\QuotePad
[2009/10/28 08:22:36 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\SecondLife
[2009/08/21 22:09:17 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Ubisoft
[2009/09/23 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\w.bloggar
[2009/09/25 11:34:59 | 000,000,000 | ---D | M] -- C:\Users\Vaughan's\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:B0D4D817
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:BBE01348
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:25DB76AE

< End of report >

Capture1.JPG

Attached File  Document1.pdf   880.28KB   132 downloads
  • 0

#14
Essexboy
Posted 07 October 2012 - 06:16 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK for the C++ error download and install the standalone package from here and install. Let me know of any errors that you receive

For IE Download and install IE9 from here again let me know of any errors received
  • 0

#15
v.of.t.us
Posted 07 October 2012 - 07:16 AM

v.of.t.us

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
I have downloaded and installed both. No errors. After IE 9 finished installing an IE window opened with the same error displaying. I thought it might be that I needed to reboot my system, which I did. The same errors are occuring, and the version continues to be IE7. "All programs" has only one IE program choice, a new Icon wasn't created. I didn't unhide any of the updates to check if they would install and go away. Oh, I forgot to mention, on the last OTL scan there were no errors, thank you. Vilma
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP