Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't access taskbar / switch applications [Closed]


  • This topic is locked This topic is locked

#1
ereinholdt

ereinholdt

    Member

  • Member
  • PipPip
  • 11 posts
Two main issues:
1) Internet Browser (Chrome) keeps paging back automatically without any input from me. Windows Explorer actually does this as well, going back one directory from the one I want to be in. This happens about 10 seconds or so after navigating to my target directory.

2) I'm having trouble switching between running applications by clicking on them in the taskbar. Often times the taskbar is unavailable for me to click on it. If I use the Task Manager (Ctl-Alt-Del) I'm able to regain access to any running applications or open windows, but only that allows me access to open applications.

Running XP Pro, 2002, SP3

Thanks for any help you can provide...
-Eric

OTL log:
OTL logfile created on: 8/5/2013 7:57:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eric\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.76% Memory free
3.85 Gb Paging File | 3.11 Gb Available in Paging File | 80.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.42 Gb Total Space | 0.97 Gb Free Space | 1.30% Space Free | Partition Type: NTFS

Computer Name: EWR | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/05 07:44:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\My Documents\Downloads\OTL.com
PRC - [2013/07/29 12:14:22 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/24 20:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Eric\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/03/01 16:06:27 | 000,139,008 | ---- | M] () -- C:\WINDOWS\system32\xgchabgnd.exe
PRC - [2010/02/04 04:17:50 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark Z2400 Series\ezprint.exe
PRC - [2010/02/04 04:17:48 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/04/28 04:58:26 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqserv.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/02/22 16:29:24 | 002,572,288 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008/02/22 13:43:38 | 001,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2008/02/22 11:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/22 21:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/09 11:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/12/05 21:07:38 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/11/28 10:12:40 | 000,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdqcoms.exe
PRC - [2007/10/29 15:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/04 19:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/08/23 12:55:06 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2007/01/30 02:52:06 | 000,688,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/01/23 16:44:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2007/01/12 04:12:18 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007/01/12 04:09:28 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/24 20:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 20:49:45 | 013,599,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013/07/24 20:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 20:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/11/29 17:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/01 16:06:27 | 000,139,008 | ---- | M] () -- C:\WINDOWS\system32\xgchabgnd.exe
MOD - [2010/02/04 04:17:48 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
MOD - [2009/08/13 07:02:22 | 000,147,968 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdqdrpp.dll
MOD - [2009/08/12 00:02:47 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\xrx_xslt.dll
MOD - [2009/08/12 00:02:46 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\xrx_xml2.dll
MOD - [2009/08/12 00:02:44 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\xipxmlsec.dll
MOD - [2009/08/12 00:02:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\system32\xiputil.dll
MOD - [2009/08/12 00:02:41 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\xipsup.dll
MOD - [2009/08/12 00:02:40 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\xiplibxml.dll
MOD - [2009/08/12 00:02:39 | 000,368,640 | ---- | M] () -- C:\WINDOWS\system32\xipinterp.dll
MOD - [2009/08/12 00:02:38 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\xi.dll
MOD - [2009/08/12 00:02:37 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\xesup.dll
MOD - [2009/08/12 00:02:35 | 003,284,992 | ---- | M] () -- C:\WINDOWS\system32\xeng.dll
MOD - [2009/08/12 00:02:34 | 001,417,216 | ---- | M] () -- C:\WINDOWS\system32\xeext.dll
MOD - [2009/08/12 00:02:33 | 000,172,032 | ---- | M] () -- C:\WINDOWS\system32\lcms.dll
MOD - [2009/08/12 00:02:30 | 000,241,664 | ---- | M] () -- C:\WINDOWS\system32\documentio.dll
MOD - [2009/08/12 00:02:29 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\diotifffx.dll
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/09/12 15:24:09 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/22 13:45:06 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/10/09 05:17:44 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/10/09 05:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/08/08 16:55:30 | 000,364,544 | ---- | M] () -- C:\Program Files\Lexmark Z2400 Series\iptk.dll
MOD - [2007/07/23 16:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2007/07/10 00:45:34 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Z2400 Series\lxdqptp.dll
MOD - [2005/10/13 13:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2005/07/22 22:30:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2001/07/31 10:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll


========== Services (SafeList) ==========

SRV - [2013/07/29 12:14:22 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/12 11:46:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/04/28 04:58:26 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe -- (lxdqCATSCustConnectService)
SRV - [2008/09/11 13:58:04 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/02/22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/11/28 10:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdqcoms.exe -- (lxdq_device)
SRV - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WaveFDE.sys -- (WaveFDE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/06/15 20:35:02 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/06/15 20:35:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/06/15 20:35:00 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/04/01 15:22:34 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008/04/01 15:22:30 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2008/04/01 15:22:28 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/04/01 15:22:26 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/04/01 15:22:26 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2008/04/01 15:22:24 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/04/01 15:22:22 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/12/05 21:07:36 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/10/09 05:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/17 20:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/17 20:46:10 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/17 20:46:08 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/17 15:16:36 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/07/16 17:29:44 | 000,020,504 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/01/23 16:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 16:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F5-CF7038DC8F3E
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [lxdqmon.exe] C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [XeroxEndeavorBackgroundTask] C:\WINDOWS\System32\xgchabgnd.exe ()
O4 - HKLM..\Run: [XeroxScanUtility] C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe (Xerox Corporation)
O4 - HKCU..\Run: [200F9819A9400929B2A9A341524FE82A7B3DF1F9._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Eric\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1238673246421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1354542456328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 12.127.16.68 130.111.32.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6372476A-120E-484F-A033-AC9A840E28F6}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE5A7EC9-EF68-4F10-805F-9DE81E700818}: DhcpNameServer = 208.67.222.222 12.127.16.68 130.111.32.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE5A7EC9-EF68-4F10-805F-9DE81E700818}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://remodelista.c.../asap-milan.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Eric/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:2 () - http://remodelista.c...at 14.17.09.png
O24 - Desktop Components:3 () - file:///C:/DOCUME~1/Eric/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:4 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ba6c2eb2-8da3-11de-9a6e-002186810d1e}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{ba6c2eb2-8da3-11de-9a6e-002186810d1e}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/05 07:26:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eric\Start Menu\Programs\Administrative Tools
[2013/07/29 12:14:47 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/29 12:14:47 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/29 12:14:41 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/29 12:14:41 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/29 12:14:41 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/29 06:23:59 | 000,278,528 | ---- | C] (HP) -- C:\WINDOWS\System32\hpdj5100
[2013/07/08 09:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2013/07/08 09:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio 2.7
[2013/07/08 09:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/05 07:45:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/05 07:44:25 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/05 07:44:25 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/05 07:42:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/05 07:40:12 | 000,162,812 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/08/05 07:40:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/05 07:40:01 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/05 07:40:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-378850062-1537319479-2186320372-1005.job
[2013/08/05 07:39:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/05 07:39:55 | 2145,521,664 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/05 06:56:30 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2013/08/04 11:12:38 | 000,004,517 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\CamStudio.cfg
[2013/08/04 11:12:38 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\CamShapes.ini
[2013/08/04 11:12:38 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\CamLayout.ini
[2013/08/04 11:12:38 | 000,000,096 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Camdata.ini
[2013/08/04 11:12:23 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/04 10:51:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/08/04 10:51:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/08/03 12:01:14 | 020,746,166 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longhouseSUbkgrnd.skb
[2013/08/01 09:51:11 | 000,012,292 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2013/07/31 09:31:22 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2013/07/30 20:28:44 | 000,198,592 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longbarn_floorplan2.jpg
[2013/07/30 20:27:23 | 000,224,067 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longbarn_floorplan1.jpg
[2013/07/30 20:21:51 | 000,726,236 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longbarn_elev_image2.jpg
[2013/07/30 20:21:02 | 000,709,451 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longbarn_elev_image1.jpg
[2013/07/30 20:09:49 | 000,368,426 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longbarn_elev2.pdf
[2013/07/30 20:09:37 | 000,306,619 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longbarn_elev1.pdf
[2013/07/30 17:02:14 | 000,109,196 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longbarn_floorplans1.pdf
[2013/07/30 17:01:42 | 000,043,481 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longbarn_floorplans2.pdf
[2013/07/29 12:14:24 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/29 12:14:20 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/29 12:14:20 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/29 12:14:20 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/29 12:14:19 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/07/29 12:14:19 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/29 12:14:19 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/29 09:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-378850062-1537319479-2186320372-1005.job
[2013/07/29 06:24:40 | 000,002,339 | ---- | M] () -- C:\WINDOWS\sounder.his
[2013/07/29 06:24:06 | 000,028,748 | ---- | M] () -- C:\WINDOWS\hpdj5100.his
[2013/07/29 06:24:06 | 000,004,626 | ---- | M] () -- C:\WINDOWS\hpdj5100.ini
[2013/07/29 06:02:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/20 16:16:46 | 000,038,372 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\tob_barn.jpg
[2013/07/20 16:06:44 | 000,375,833 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\tob_wall.jpg
[2013/07/20 16:04:29 | 000,239,224 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\tob_waall.jpg
[2013/07/20 15:52:45 | 000,282,874 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longbarn_elev_images.jpg
[2013/07/20 15:52:01 | 000,325,408 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longbarn_floorplan_images.jpg
[2013/07/17 13:52:05 | 000,193,398 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\longhouse_dogtrot_elev3.jpg
[2013/07/14 17:18:29 | 000,638,176 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\podcastarchitect_splash.psd
[2013/07/14 17:07:34 | 000,126,304 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\podcastarchitect_splash.jpg
[2013/07/08 10:03:20 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2013/07/08 09:28:13 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\CamStudio.lnk
[2013/07/08 09:19:13 | 000,000,000 | ---- | M] () -- C:\END
[2013/07/06 08:06:46 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/03 12:01:09 | 020,746,166 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longhouseSUbkgrnd.skb
[2013/07/30 20:28:41 | 000,198,592 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longbarn_floorplan2.jpg
[2013/07/30 20:27:13 | 000,224,067 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longbarn_floorplan1.jpg
[2013/07/30 20:21:49 | 000,726,236 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longbarn_elev_image2.jpg
[2013/07/30 20:20:58 | 000,709,451 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longbarn_elev_image1.jpg
[2013/07/30 20:09:49 | 000,368,426 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longbarn_elev2.pdf
[2013/07/30 20:09:37 | 000,306,619 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longbarn_elev1.pdf
[2013/07/30 17:00:15 | 000,043,481 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longbarn_floorplans2.pdf
[2013/07/30 16:50:42 | 000,109,196 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longbarn_floorplans1.pdf
[2013/07/29 06:23:21 | 000,159,736 | ---- | C] () -- C:\WINDOWS\hpdj5100.hi1
[2013/07/29 06:23:21 | 000,007,538 | ---- | C] () -- C:\WINDOWS\hpdj5100.bu1
[2013/07/20 16:16:45 | 000,038,372 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\tob_barn.jpg
[2013/07/20 16:06:42 | 000,375,833 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\tob_wall.jpg
[2013/07/20 16:04:29 | 000,239,224 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\tob_waall.jpg
[2013/07/20 15:52:45 | 000,282,874 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longbarn_elev_images.jpg
[2013/07/20 15:52:00 | 000,325,408 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longbarn_floorplan_images.jpg
[2013/07/17 13:52:05 | 000,193,398 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\longhouse_dogtrot_elev3.jpg
[2013/07/14 16:46:32 | 000,126,304 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\podcastarchitect_splash.jpg
[2013/07/14 15:44:37 | 000,638,176 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\podcastarchitect_splash.psd
[2013/07/08 09:28:13 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\CamStudio.lnk
[2013/07/08 09:19:13 | 000,000,000 | ---- | C] () -- C:\END
[2013/07/08 09:18:25 | 000,004,517 | ---- | C] () -- C:\Documents and Settings\Eric\Application Data\CamStudio.cfg
[2013/07/08 09:18:25 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Eric\Application Data\CamShapes.ini
[2013/07/08 09:18:25 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Eric\Application Data\CamLayout.ini
[2013/07/08 09:18:25 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Eric\Application Data\Camdata.ini
[2013/07/08 09:02:07 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2013/06/12 08:00:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdqvs.dll
[2013/06/12 08:00:09 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqcoin.dll
[2013/06/12 07:59:33 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqserv.dll
[2013/06/12 07:59:33 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqcomc.dll
[2013/06/12 07:59:33 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqusb1.dll
[2013/06/12 07:59:33 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqhbn3.dll
[2013/06/12 07:59:33 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqpmui.dll
[2013/06/12 07:59:33 | 000,589,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqcoms.exe
[2013/06/12 07:59:33 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqlmpm.dll
[2013/06/12 07:59:33 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDQhcp.dll
[2013/06/12 07:59:33 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqcomm.dll
[2013/06/12 07:59:33 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqinpa.dll
[2013/06/12 07:59:33 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqcfg.exe
[2013/06/12 07:59:33 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDQinst.dll
[2013/06/12 07:59:33 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqiesc.dll
[2013/06/12 07:59:33 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqih.exe
[2013/06/12 07:59:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdqgrd.dll
[2013/06/12 07:59:33 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdqprox.dll
[2013/06/03 14:30:41 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Eric\.c79792229cdae4d8fe4e261fc4d6976b.key
[2013/06/03 14:30:38 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Eric\.95d691779473f3e03bc4b4e56319d74c.key
[2013/05/29 08:47:16 | 000,009,378 | ---- | C] () -- C:\Documents and Settings\Eric\Application Data\Comma Separated Values (Windows).EML
[2012/12/03 09:54:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/24 09:35:48 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\xrx_xslt.dll
[2012/09/24 09:35:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xrx_exslt.dll
[2012/09/24 09:35:47 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\xrx_xml2.dll
[2012/09/24 09:35:47 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\xipxmlsec.dll
[2012/09/24 09:35:47 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\xiputil.dll
[2012/09/24 09:35:47 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xi.dll
[2012/09/24 09:35:47 | 000,025,088 | R--- | C] () -- C:\WINDOWS\System32\xipxml.dll
[2012/09/24 09:35:47 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\xiplibxml.dll
[2012/09/24 09:35:46 | 003,284,992 | ---- | C] () -- C:\WINDOWS\System32\xeng.dll
[2012/09/24 09:35:46 | 001,417,216 | ---- | C] () -- C:\WINDOWS\System32\xeext.dll
[2012/09/24 09:35:46 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\xipinterp.dll
[2012/09/24 09:35:46 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\xipsup.dll
[2012/09/24 09:35:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xesup.dll
[2012/09/24 09:35:45 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\xlibeay.dll
[2012/09/24 09:35:45 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\documentio.dll
[2012/09/24 09:35:45 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lcms.dll
[2012/09/24 09:35:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\diotifffx.dll
[2012/09/24 09:35:44 | 000,139,008 | ---- | C] () -- C:\WINDOWS\System32\xgchabgnd.exe
[2011/11/10 08:42:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2011/11/10 08:41:57 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2011/09/15 08:49:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ui.INI
[2010/06/22 13:52:58 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\DonationCoder_desktopcoral_InstallInfo.dat
[2009/12/16 18:16:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eric\settings.dat
[2009/06/30 17:28:05 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/04/02 09:19:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eric\SendTo.mydocs
[2008/09/26 15:47:16 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/11 13:35:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 16:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/13 20:11:53 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/30 17:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/01/24 13:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2013/06/17 08:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2008/09/14 18:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/06/22 13:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2011/06/09 12:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/10/03 13:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2008/12/11 14:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2013/07/30 17:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/12/11 14:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2013/01/24 08:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/12/16 16:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/12 18:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/09/07 12:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2012/09/24 09:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
[2010/08/08 09:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/02 14:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/06/04 08:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Amazon
[2010/02/15 17:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Autodesk
[2011/08/03 16:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Canon
[2012/06/04 08:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\com.amazon.music.uploader
[2013/06/03 14:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\com.longtailpro.LongTailPro
[2010/06/22 13:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\DonationCoder
[2013/08/05 07:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Dropbox
[2008/12/23 17:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Eltima Software
[2010/06/28 20:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\eMachineShop
[2013/07/17 19:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\FileZilla
[2010/09/14 08:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Leadertech
[2009/10/09 09:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\OpenOffice.org
[2012/05/23 16:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Oracle
[2009/06/02 11:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\pdf995
[2010/06/15 10:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\PGP
[2010/06/08 21:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Quicken WillMaker
[2012/02/17 09:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\REAPER
[2009/08/18 13:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Softplicity
[2008/12/11 14:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Spearit
[2013/01/24 08:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\TaxCut
[2008/09/04 05:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Wave Systems Corp
[2012/05/23 16:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\WDC
[2012/09/24 09:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Xerox

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\Eric\Desktop\01649_silhouet_1440x900.jpg:com.dropbox.attributes

< End of report >
  • 0

Advertisements


#2
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Hi ereinholdt and welcome at GeekstoGo!

I'm crooleeck and I'll try to help you. But first please notice that I'm not limitless, I'm not familiar with all software, I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.

Fight against malware is NOT instantaneous, most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.

Note:
  • Please watch this topic.
  • Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
  • Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous.

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

I'll post instruction as fast I can. Middle time please post:
C:\Documents and Settings\Eric\My Documents\Downloads\Extras.txt content

Step 2:
  • Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Agreed to update.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

    Posted Image

  • 0

#3
ereinholdt

ereinholdt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks again for looking into this, much appreciated! I'm downloading and running the scan, in the meantime, here's the extras.txt file:

OTL Extras logfile created on: 8/5/2013 7:48:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eric\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.44% Memory free
3.85 Gb Paging File | 3.09 Gb Available in Paging File | 80.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.42 Gb Total Space | 0.97 Gb Free Space | 1.30% Space Free | Partition Type: NTFS

Computer Name: EWR | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Google\Google SketchUp 6\SketchUp.exe" = C:\Program Files\Google\Google SketchUp 6\SketchUp.exe:*:Enabled:SketchUp Application -- (Google, Inc.)
"C:\Program Files\Laplink\PCmover\PCmover.exe" = C:\Program Files\Laplink\PCmover\PCmover.exe:*:Enabled:PCmover
"C:\Program Files\Eltima Software\SWF & FLV Player\swf_player.exe" = C:\Program Files\Eltima Software\SWF & FLV Player\swf_player.exe:*:Enabled:SWF & FLV Movie player
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Eric\Local Settings\Temp\lxdq\wireless\lxdqwpss.exe" = C:\Documents and Settings\Eric\Local Settings\Temp\lxdq\wireless\lxdqwpss.exe:*:Enabled:
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\WINDOWS\twain_32\L12U16U2\SrvMod.exe" = C:\WINDOWS\twain_32\L12U16U2\SrvMod.exe:*:Disabled:SrvMod
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Documents and Settings\Eric\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\Eric\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Eric\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player
"C:\Program Files\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe" = C:\Program Files\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe:*:Enabled:Migration Assistant -- (Apple Inc.)
"C:\Documents and Settings\Eric\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Eric\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe" = C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe:*:Enabled:Adobe Photoshop -- (Adobe Systems, Incorporated)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\lxdqcoms.exe" = C:\WINDOWS\system32\lxdqcoms.exe:*:Enabled:Z2400 Series Server -- ( )
"C:\WINDOWS\system32\lxdqcfg.exe" = C:\WINDOWS\system32\lxdqcfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe" = C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{0412CCFF-BFAC-83D8-44FB-3BE60F05FCF8}" = Amazon MP3 Uploader
"{04B83666-3A62-452B-85D3-70F8117F2329}_is1" = CamStudio version 2.7
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{1554D079-F1ED-43B5-98AB-8EC2D1BF17C8}" = H&R Block Maine 2009
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{25368463-57FD-4603-A514-2EC22D92C984}" = H&R Block Maine 2010
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-6009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2008 - English
"{58E4D8CB-F90F-4EAF-9306-726C529513FD}" = 32 Bit HP CIO Components Installer
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile + State 2012
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A1FD2949-2D77-4951-8E57-656FE9798F70}" = H&R Block Maine 2012
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA675D92-CA27-413C-838D-02A8201E6815}" = H&R Block Maine 2011
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8BC400A-9D14-468B-A674-1D76A987AAFC}" = Windows Migration Assistant
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"AutoCAD LT 2008 - English" = AutoCAD LT 2008 - English
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"camcodec" = CamStudio Lossless Codec v1.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.amazon.music.uploader" = Amazon MP3 Uploader
"EPSON Printer and Utilities" = EPSON Printer Software
"FileZilla Client" = FileZilla Client 3.6.0.2
"Google Chrome" = Google Chrome
"Lexmark Z2400 Series" = Lexmark Z2400 Series
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"Quicken WillMaker Plus 2010" = Quicken WillMaker Plus 2010
"SearchAssist" = SearchAssist
"STANDARDR" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Dell Touchpad
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WinZip Self-Extractor" = WinZip Self-Extractor
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2013 4:11:17 PM | Computer Name = EWR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27547

Error - 8/4/2013 4:11:18 PM | Computer Name = EWR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/4/2013 4:11:18 PM | Computer Name = EWR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29500

Error - 8/4/2013 4:11:18 PM | Computer Name = EWR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29500

Error - 8/4/2013 4:11:20 PM | Computer Name = EWR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/4/2013 4:11:20 PM | Computer Name = EWR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31500

Error - 8/4/2013 4:11:20 PM | Computer Name = EWR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31500

Error - 8/5/2013 6:56:02 AM | Computer Name = EWR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/5/2013 7:41:11 AM | Computer Name = EWR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/5/2013 7:42:08 AM | Computer Name = EWR | Source = MsiInstaller | ID = 11706
Description = Product: Adobe Acrobat 7.0 Professional -- Error 1706.No valid source
could be found for product Adobe Acrobat 7.0 Professional. The Windows Installer
cannot continue.

[ OSession Events ]
Error - 1/23/2012 6:47:24 PM | Computer Name = EWR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 388
seconds with 60 seconds of active time. This session ended with a crash.

Error - 1/31/2012 6:32:02 PM | Computer Name = EWR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/12/2012 8:10:44 AM | Computer Name = EWR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 71949
seconds with 300 seconds of active time. This session ended with a crash.

Error - 7/11/2012 9:59:46 AM | Computer Name = EWR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 609
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/20/2012 2:02:34 PM | Computer Name = EWR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 282567
seconds with 5940 seconds of active time. This session ended with a crash.

Error - 8/27/2012 10:53:41 AM | Computer Name = EWR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5670
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 10/4/2012 11:25:40 AM | Computer Name = EWR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 181349
seconds with 9060 seconds of active time. This session ended with a crash.

Error - 3/1/2013 9:35:52 AM | Computer Name = EWR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3313
seconds with 720 seconds of active time. This session ended with a crash.

Error - 3/1/2013 9:39:51 AM | Computer Name = EWR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 113
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/11/2013 9:53:28 AM | Computer Name = EWR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 60804
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/3/2013 11:03:34 AM | Computer Name = EWR | Source = Print | ID = 6161
Description = The document 30X40BUSCARDs.psd owned by Eric failed to print on printer
Lexmark Z2400 Series. Data type: RAW. Size of the spool file in bytes: 6548492.
Number of bytes printed: 0. Total number of pages in the document: 1. Number of
pages printed: 0. Client machine: \\EWR. Win32 error code returned by the print
processor: 0 (0x0).

Error - 8/5/2013 6:42:28 AM | Computer Name = EWR | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/5/2013 6:42:28 AM | Computer Name = EWR | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/5/2013 6:42:28 AM | Computer Name = EWR | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/5/2013 6:42:28 AM | Computer Name = EWR | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/5/2013 6:42:28 AM | Computer Name = EWR | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/5/2013 6:43:35 AM | Computer Name = EWR | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/5/2013 6:43:35 AM | Computer Name = EWR | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/5/2013 6:43:38 AM | Computer Name = EWR | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/5/2013 6:43:38 AM | Computer Name = EWR | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >
  • 0

#4
ereinholdt

ereinholdt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here's the aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-05 11:34:06
-----------------------------
11:34:06.250 OS Version: Windows 5.1.2600 Service Pack 3
11:34:06.250 Number of processors: 2 586 0x1706
11:34:06.250 ComputerName: EWR UserName:
11:34:06.968 Initialize success
11:51:40.359 AVAST engine defs: 13080500
11:51:49.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
11:51:49.562 Disk 0 Vendor: Hitachi_HTS722080K9A300 DCBOCA1H Size: 76319MB BusType: 3
11:51:49.671 Disk 0 MBR read successfully
11:51:49.671 Disk 0 MBR scan
11:51:49.718 Disk 0 Windows XP default MBR code
11:51:49.718 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
11:51:49.734 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76206 MB offset 208845
11:51:49.734 Disk 0 scanning sectors +156280320
11:51:49.796 Disk 0 scanning C:\WINDOWS\system32\drivers
11:52:03.593 Service scanning
11:52:23.140 Modules scanning
11:52:44.500 Disk 0 trace - called modules:
11:52:44.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
11:52:44.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a892ab8]
11:52:44.593 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a899940]
11:52:45.734 AVAST engine scan C:\WINDOWS
11:52:54.046 AVAST engine scan C:\WINDOWS\system32
11:55:50.250 AVAST engine scan C:\WINDOWS\system32\drivers
11:56:05.421 AVAST engine scan C:\Documents and Settings\Eric
12:08:33.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat"
12:08:33.062 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-05 11:34:06
-----------------------------
11:34:06.250 OS Version: Windows 5.1.2600 Service Pack 3
11:34:06.250 Number of processors: 2 586 0x1706
11:34:06.250 ComputerName: EWR UserName:
11:34:06.968 Initialize success
11:51:40.359 AVAST engine defs: 13080500
11:51:49.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
11:51:49.562 Disk 0 Vendor: Hitachi_HTS722080K9A300 DCBOCA1H Size: 76319MB BusType: 3
11:51:49.671 Disk 0 MBR read successfully
11:51:49.671 Disk 0 MBR scan
11:51:49.718 Disk 0 Windows XP default MBR code
11:51:49.718 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
11:51:49.734 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76206 MB offset 208845
11:51:49.734 Disk 0 scanning sectors +156280320
11:51:49.796 Disk 0 scanning C:\WINDOWS\system32\drivers
11:52:03.593 Service scanning
11:52:23.140 Modules scanning
11:52:44.500 Disk 0 trace - called modules:
11:52:44.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
11:52:44.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a892ab8]
11:52:44.593 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a899940]
11:52:45.734 AVAST engine scan C:\WINDOWS
11:52:54.046 AVAST engine scan C:\WINDOWS\system32
11:55:50.250 AVAST engine scan C:\WINDOWS\system32\drivers
11:56:05.421 AVAST engine scan C:\Documents and Settings\Eric
12:08:33.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat"
12:08:33.062 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt"
12:34:02.843 AVAST engine scan C:\Documents and Settings\All Users
12:36:30.093 Scan finished successfully
12:36:37.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat"
12:36:37.546 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt"
  • 0

#5
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Step 1:
OTL fix:
Please copy following script:

:otl
MOD - [2011/03/01 16:06:27 | 000,139,008 | ---- | M] () -- C:\WINDOWS\system32\xgchabgnd.exe
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F5-CF7038DC8F3E
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = File not found
O24 - Desktop Components:0 () - http://remodelista.c.../asap-milan.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Eric/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:2 () - http://remodelista.c...%2014.17.09.png
O24 - Desktop Components:3 () - file:///C:/DOCUME~1/Eric/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:4 (My Current Home Page) - About:Home

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"200F9819A9400929B2A9A341524FE82A7B3DF1F9._service_run"=-

:files
ipconfig /flushdns /C
nslookup time.windows.com /C

:commands
[CLEARALLRESTOREPOINTS]
[emptytemp]


Run OTL, under Custom Scan/Fixes paste it. Close all windows without OTL and hit Run Fix button. Please agreed for restart. After computer starts, OTL will display removing log, please post it.

Step 2:
Please try to make more free space on C drive. Windows needs at least 20% free space on system drive. If you have photos or movies, please transfer them to another disk or burn on DVD. We need to at least three DVDs or move 15GB.

Step 3:
Download AdwCleaner to your desktop.
  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be shown, please copy content and post in next replay

  • 0

#6
ereinholdt

ereinholdt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Still doing it unfortunately: hard to get these replies in before it automatically backs me out:
STEP 1:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Aimersoft Helper Compact.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RocketDock deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk moved successfully.
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File http://remodelista.c.../asap-milan.jpg not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\ deleted successfully.
File file:///C:/DOCUME~1/Eric/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2\ deleted successfully.
File http://remodelista.c...%2014.17.09.png not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\3\ deleted successfully.
File file:///C:/DOCUME~1/Eric/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\4\ deleted successfully.
File About:Home not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\200F9819A9400929B2A9A341524FE82A7B3DF1F9._service_run deleted successfully.
========== FILES ==========
< ipconfig /flushdns /C >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Eric\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Eric\My Documents\Downloads\cmd.txt deleted successfully.
< nslookup time.windows.com /C >
DNS request timed out.
timeout was 2 seconds.
Server: b.resolvers.Level3.net
Address: 4.2.2.2
DNS request timed out.
timeout was 2 seconds.
Name: time.microsoft.akadns.net
Address: 65.55.56.206
Aliases: time.windows.com
C:\Documents and Settings\Eric\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Eric\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 43921 bytes
->Flash cache emptied: 57472 bytes

User: Eric
->Temp folder emptied: 344217993 bytes
->Temporary Internet Files folder emptied: 332673393 bytes
->Java cache emptied: 23170948 bytes
->Google Chrome cache emptied: 116907459 bytes
->Flash cache emptied: 472474 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Google Chrome cache emptied: 1642864 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6471046 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70264431 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 42667963 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 895.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08052013_175012

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

STEP 2: Done.
STEP 3: ADW Cleaner log:
# AdwCleaner v2.306 - Logfile created 08/05/2013 at 17:59:21
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Eric - EWR
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Eric\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3053 octets] - [05/08/2013 17:59:21]

########## EOF - C:\AdwCleaner[S1].txt - [3113 octets] ##########
  • 0

#7
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
OK, I need ask you for one more log.

If you use Internet Explorer, please download by clicking on this link Silent Runner's save it to your Desktop

If you use FireFox right-click on the above link and choose "Save Link As" and save it to your Desktop.
Then:
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done! , you can then attach this text file log to your next message.

NOTE: If you receive any warning messages from your antivirus or antispyware programs about a script trying to be run , please choose to allow the script to run.
  • 0

#8
ereinholdt

ereinholdt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi I always use Chrome (I recently tried deleting the Ask plug-in BTW), but here's the Silent Runner log:

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Operating System: Microsoft Windows XP Professional Service Pack 3 (32-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
ISUSPM = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [Macrovision Corporation]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]
200F9819A9400929B2A9A341524FE82A7B3DF1F9._service_run = "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service [Google Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [Synaptics, Inc.]
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [MS]
nwiz = nwiz.exe /installquiet [NVIDIA Corporation]
NVHotkey = rundll32.exe nvHotkey.dll,Start [MS]
NvMediaCenter = RunDLL32.exe NvMCTray.dll,NvTaskbarInit [MS]
Dell QuickSet = C:\Program Files\Dell\QuickSet\quickset.exe [Dell Inc.]
Broadcom Wireless Manager UI = C:\WINDOWS\system32\WLTRAY.exe [Dell Inc.]
ITSecMng = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
ECenter = C:\Dell\E-Center\EULALauncher.exe [null data]
PDVDDXSrv = "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [CyberLink Corp.]
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE [Logitech Inc.]
LogitechCommunicationsManager = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [Logitech Inc.]
LVCOMSX = "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [Logitech Inc.]
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [HP]
nmctxth = "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [Cisco Systems, Inc.]
nmapp = "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [Cisco Systems, Inc.]
Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [Adobe Systems Inc.]
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.]
SigmatelSysTrayApp = C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
XeroxScanUtility = C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe 1 [Xerox Corporation]
XeroxEndeavorBackgroundTask = C:\WINDOWS\system32\xgchabgnd.exe 1 [null data]
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.]
lxdqmon.exe = "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe" [null data]
EzPrint = "C:\Program Files\Lexmark Z2400 Series\ezprint.exe" [Lexmark International Inc.]
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = Adobe PDF Reader Link Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java™ Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = Adobe PDF Conversion Toolbar Helper
\InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java™ Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

AutoCAD Digital Signatures Icon Overlay Handler\(Default) = {36A21736-36C2-4C11-8ACB-D4136F2B57BD}
-> {HKLM...CLSID} = AcSignIcon
\InProcServer32\(Default) = C:\WINDOWS\system32\AcSignIcon.dll [Autodesk, Inc.]

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension
-> {HKLM...CLSID} = Display Panning CPL Extension
\InProcServer32\(Default) = deskpan.dll [file not found]

{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext
-> {HKLM...CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]

{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics, Inc.]

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
-> {HKLM...CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer
-> {HKLM...CLSID} = Desktop Explorer
\InProcServer32\(Default) = C:\WINDOWS\system32\nvshell.dll [NVIDIA Corporation]

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\system32\nvshell.dll [NVIDIA Corporation]

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu
-> {HKLM...CLSID} = nView Desktop Context Menu
\InProcServer32\(Default) = C:\WINDOWS\system32\nvshell.dll [NVIDIA Corporation]

{5E44E225-A408-11CF-B581-008029601108} = Roxio DragToDisc Shell Extension
-> {HKLM...CLSID} = Roxio DragToDisc Shell Extension
\InProcServer32\(Default) = C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll [Roxio]

{5800AD5B-72C1-477B-9A08-CA112DF06D97} = AutoCAD DWG InfoTip Handler
-> {HKLM...CLSID} = AcInfoTipHandler
\InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [Autodesk]

{8A0BC933-7552-42E2-A228-3BE055777227} = AutoCAD DWG Column Handler
-> {HKLM...CLSID} = AcColumnHandler
\InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [Autodesk]

{ADC46291-D8A1-4486-A24C-86FFB392AEFA} = Autodesk Dgn File Preview
-> {HKLM...CLSID} = AcDgnImageExtractor
\InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll [Autodesk]

{36A21736-36C2-4C11-8ACB-D4136F2B57BD} = AutoCAD Digital Signatures Icon Overlay Handler
-> {HKLM...CLSID} = AcSignIcon
\InProcServer32\(Default) = C:\WINDOWS\system32\AcSignIcon.dll [Autodesk, Inc.]

{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} = Autodesk Drawing Preview
-> {HKLM...CLSID} = ACTHUMBNAIL
\InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll [Autodesk, Inc.]

{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} = Logitech Setpoint Extension
-> {HKLM...CLSID} = KbLogiExt Class
\InProcServer32\(Default) = C:\Program Files\Logitech\SetPoint\kbcplext.dll [Logitech Inc.]

{B9B9F083-2B04-452A-8691-83694AC1037B} = Logitech Setpoint Extension
-> {HKLM...CLSID} = LogiExt Class
\InProcServer32\(Default) = C:\Program Files\Logitech\SetPoint\mcplext.dll [Logitech Inc.]

{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
-> {HKLM...CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
-> {HKLM...CLSID} = Microsoft Office Outlook
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper
-> {HKLM...CLSID} = NVIDIA CPL Extension
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

{C55C499D-3518-44a1-998E-796AC5FC989D} = NetworkMagic
-> {HKLM...CLSID} = Network Magic Folders
\InProcServer32\(Default) = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll [Cisco Systems, Inc.]

{33F85093-44BB-4587-B25B-FFD05D5B9916} = NetworkMagic
-> {HKLM...CLSID} = Network Magic Folders
\InProcServer32\(Default) = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll [Cisco Systems, Inc.]

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = Adobe.Acrobat.ContextMenu
-> {HKLM...CLSID} = Acrobat Elements Context Menu
\InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.]

{16148659-720A-457d-850B-2DBD87BB129D} = Audible Shlell Extension
-> {HKLM...CLSID} = AudibleShlExt Class
\InProcServer32\(Default) = C:\Program Files\Audible\Bin\AudibleExt.dll [file not found]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM...CLSID} = iTunes
\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} = Bluetooth
-> {HKLM...CLSID} = Bluetooth Information Exchanger
\InProcServer32\(Default) = C:\WINDOWS\system32\TosBtExt.dll [TOSHIBA]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
-> {HKLM...CLSID} = HxProtocol Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]

<<!>> pure-go\CLSID = {4746C79A-2042-4332-8650-48966E44ABA8}
-> {HKLM...CLSID} = CPureGoProtoInfo Object
\InProcServer32\(Default) = C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll [Cisco Systems, Inc.]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
-> {HKLM...CLSID} = Acrobat Elements Context Menu
\InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.]

tosBtShllExt\(Default) = {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}
-> {HKLM...CLSID} = Bluetooth File Extenstion
\InProcServer32\(Default) = C:\WINDOWS\system32\TosBtShell.dll [TOSHIBA]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [file not found]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

tosBtShllExt\(Default) = {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}
-> {HKLM...CLSID} = Bluetooth File Extenstion
\InProcServer32\(Default) = C:\WINDOWS\system32\TosBtShell.dll [TOSHIBA]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{33F85093-44BB-4587-B25B-FFD05D5B9916}\(Default) = (no title provided)
-> {HKLM...CLSID} = Network Magic Folders
\InProcServer32\(Default) = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll [Cisco Systems, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
-> {HKLM...CLSID} = FileZilla 3 Shell Extension
\InProcServer32\(Default) = C:\Program Files\FileZilla FTP Client\fzshellext.dll [null data]

Roxio DragToDisc Shell Extension\(Default) = {5E44E225-A408-11CF-B581-008029601108}
-> {HKLM...CLSID} = Roxio DragToDisc Shell Extension
\InProcServer32\(Default) = C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll [Roxio]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{5E44E225-A408-11CF-B581-008029601108}\(Default) = Roxio DragToDisc Shell Extension
-> {HKLM...CLSID} = Roxio DragToDisc Shell Extension
\InProcServer32\(Default) = C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll [Roxio]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

00nView\(Default) = {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
-> {HKLM...CLSID} = nView Desktop Context Menu
\InProcServer32\(Default) = C:\WINDOWS\system32\nvshell.dll [NVIDIA Corporation]

NvCplDesktopContext\(Default) = {A70C977A-BF00-412C-90B7-034C51DA2439}
-> {HKLM...CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

{33F85093-44BB-4587-B25B-FFD05D5B9916}\(Default) = (no title provided)
-> {HKLM...CLSID} = Network Magic Folders
\InProcServer32\(Default) = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll [Cisco Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{16148659-720A-457d-850B-2DBD87BB129D}\(Default) = Audible Column Ext
-> {HKLM...CLSID} = AudibleShlExt Class
\InProcServer32\(Default) = C:\Program Files\Audible\Bin\AudibleExt.dll [file not found]

{8A0BC933-7552-42E2-A228-3BE055777227}\(Default) = AutoCAD DWG column info
-> {HKLM...CLSID} = AcColumnHandler
\InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [Autodesk]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [file not found]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{33F85093-44BB-4587-B25B-FFD05D5B9916}\(Default) = (no title provided)
-> {HKLM...CLSID} = Network Magic Folders
\InProcServer32\(Default) = C:\Program Files\Pure Networks\Network Magic\nmspce2.dll [Cisco Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

tosBtExt\(Default) = {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}
-> {HKLM...CLSID} = Bluetooth Information Exchanger
\InProcServer32\(Default) = C:\WINDOWS\system32\TosBtExt.dll [TOSHIBA]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]


Default executables:
--------------------

.scr
HKCU\Software\Classes\.scr\(Default) = AutoCADLTScriptFile
HKCU\Software\Classes\AutoCADLTScriptFile\(Default) = AutoCAD LT Script
HKCU\Software\Classes\AutoCADLTScriptFile\shell\open\command\(Default) = "C:\WINDOWS\system32\notepad.exe" "%1" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\

LowRiskFileTypes = (REG_SZ) .adh
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoSaveSettings = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}

DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\WINDOWS\system32\scrnsave.scr [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

DropboxAutoplayProxy\
Provider = Dropbox
InvokeProgID = Dropbox.AutoplayEventHandlerProxy
InvokeVerb = import
HKLM\SOFTWARE\Classes\Dropbox.AutoplayEventHandlerProxy\shell\import\DropTarget\CLSID = {F38F335B-BC2E-450E-8FC6-0E13E17FC8FE}
-> {HKLM...CLSID} = Dropbox Autoplay Proxy COM Server
\LocalServer32\(Default) = C:\Program Files\Dropbox\DropboxProxy.exe /autoplayproxy [Dropbox, Inc.]

EpShowApp\
Provider = Lexmark Fast Pics
InvokeProgID = EzPrint
InvokeVerb = Play
HKLM\SOFTWARE\Classes\EzPrint\shell\Play\DropTarget\CLSID = {225F2F50-F37D-4eb3-B3A6-F675C9B52C83}
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = C:\Program Files\Lexmark Z2400 Series\ezprint.exe [Lexmark International Inc.]

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

PDVDDXPlayDVDMovieOnArrival\
Provider = PowerDVD
InvokeProgID = DVD
InvokeVerb = PlayWithPDVDDX
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPDVDDX\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.]

PDVDDXPlayVideoCDMovieOnArrival\
Provider = PowerDVD
InvokeProgID = VCD
InvokeVerb = PlayWithPDVDDX
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPDVDDX\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.]

Picasa2ImportPicturesOnArrival\
Provider = Picasa3
InvokeProgID = picasa2.autoplay
InvokeVerb = import
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files\Google\Picasa3\Picasa3.exe "%1" [Google Inc.]

RoxioSCAudioCDTask33\
Provider = Roxio Creator Audio
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = AudioCDTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = "C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B} [null data]

RoxioSCCopyCD33\
Provider = Roxio Creator Copy
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = "C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA} [null data]

RoxioSCCopyDisc33\
Provider = Roxio Creator Copy
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = "C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA} [null data]

RoxioSCDataProject33\
Provider = Roxio Creator Data
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = DataGuide
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = "C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch Data [null data]

RoxioSCDataTask33\
Provider = Roxio Creator Data
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = DataTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = "C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54} [null data]


Startup items in "Eric" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\Eric\Start Menu\Programs\Startup {++}
Dropbox -> shortcut to: C:\Documents and Settings\Eric\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup {++}
Adobe Gamma Loader -> shortcut to: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [Adobe Systems, Inc.]
Bluetooth Manager -> shortcut to: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [TOSHIBA CORPORATION.]
Logitech SetPoint -> shortcut to: C:\Program Files\Logitech\SetPoint\SetPoint.exe [Logitech Inc.]


Enabled Scheduled Tasks: {++}
------------------------

Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
RealUpgradeLogonTaskS-1-5-21-378850062-1537319479-2186320372-1005 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [file not found]
RealUpgradeScheduledTaskS-1-5-21-378850062-1537319479-2186320372-1005 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000004\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

{47833539-D0C5-4125-9FA8-0819E2EAAC93}
-> {HKLM...CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = (no title provided)
-> {HKLM...CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
-> {HKLM...CLSID} = &Research
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Dell Wireless WLAN Tray Service, wltrysvc, C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe [null data]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
Java Quick Starter, JavaQuickStarterService, "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]
lxdq_device, lxdq_device, C:\WINDOWS\system32\lxdqcoms.exe -service [ ]
lxdqCATSCustConnectService, lxdqCATSCustConnectService, C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [Lexmark International, Inc.]
NICCONFIGSVC, NICCONFIGSVC, C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [Dell Inc.]
NVIDIA Display Driver Service, NVSvc, C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation]
Pure Networks Platform Service, nmservice, "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [Cisco Systems, Inc.]
TOSHIBA Bluetooth Service, TOSHIBA Bluetooth Service, C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [TOSHIBA CORPORATION]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> WdfLoadGroup,

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> WdfLoadGroup,


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = C:\WINDOWS\system32\AdobePDF.dll [Adobe Systems Incorporated.]
EPSON Stylus Photo 1400 Series 32MonitorBA\Driver = E_FLBBUA.DLL [SEIKO EPSON CORPORATION]
HP DesignJet ECP Monitor\Driver = HPLTLM.DLL [Hewlett-Packard Corporation, Microsoft Corporation]
HP Language Monitor\Driver = hpltlm5.dll [Hewlett-Packard Corporation, Microsoft Corporation]
HP Master Monitor\Driver = hpbmmon.dll [Hewlett-Packard]
HP Standard TCP/IP Port\Driver = hptcpmon.dll [Hewlett Packard]
Microsoft Shared Fax Monitor\Driver = FXSMON.DLL [MS]
PDF995 Monitor\Driver = pdf995mon.dll [null data]
PDFill Writer Monitor\Driver = C:\Program Files\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [Windows ® Codename Longhorn DDK provider]
Toshiba Bluetooth Monitor\Driver = tbtmon.dll [TOSHIBA CORPORATION.]
Z2400 Series Port\Driver = lxdqlmpm.dll [ ]


---------- (launch time: 2013-08-06 06:33:31)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 41 seconds, including 18 seconds for message boxes)
  • 0

#9
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Step 1: Start the System Configuration Utility

1.Click Start, click Run, type msconfig, and then click OK.
2.The System Configuration Utility dialog box is displayed.

Step 2: Configure selective startup options

1.In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
2.Click to clear the Process SYSTEM.INI File check box.
3.Click to clear the Process WIN.INI File check box.
4.Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
5.Click the Services tab.
6.Click to select the Hide All Microsoft Services check box.
7.Click Disable All, and then click OK.
8.When you are prompted, click Restart to restart the computer.

How is your computer running in clean boot?
  • 0

#10
ereinholdt

ereinholdt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Unfortunately, it's exactly the same.

There's an active window and that's all I can click on and use. To switch between applications I have to use the task manager <switch to> function.

Only the foreground task is operable, the screen saver doesn't even activate. The cursor will change to the arrow when I go to the taskbar area but it doesn't register any clicks.

I can minimize the window but then I'm not able to click on anything on the desktop, any other application or even go back to the one I just minimized.

Anything else I can try?
Thanks...
  • 0

Advertisements


#11
ereinholdt

ereinholdt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Also, I just rebooted in normal mode again and it now displays the error message:

Error loading C:\Windows\abafaniv.dll
The specified module could not be found
  • 0

#12
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Sorry for delay.

  • Remove Google Chrome in Add/Remove programs in Control Panel
  • Please navigate to location: "C:\Documents and Settings\Eric\Local Settings\Application Data\" and remove Google folder
  • Download and install new version. After installation please do not synchronize with google account.

How is it working?
  • 0

#13
ereinholdt

ereinholdt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Same behavior still, can't switch between tasks on the taskbar and it still goes back in the browser. Maddening really.
Thanks...
  • 0

#14
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Let's overview the problem:

Your traditions :D
1. Turn on computer.
2. Run Chrome.
A) Is Chrome only, or there are other programs, that you starts?
B) Can you take a screenshot or photo by smartphone?
C) When Chrome was switched, what is active window?
D) Did you try left ALT + TAB to switch?

We have two more tools to general scan on our track, but I like to shout the problem first.
  • 0

#15
ereinholdt

ereinholdt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Problem Overview:
1. Run Chrome
2. Browse to any page. Within 10 seconds browser automatically pages back through all previous pages to home screen and stops.
3. At this point, I'm not able to access any other applications on the taskbar to switch between applications.
4. I can use Alt-Tab to switch, but to get back to my open application (the one that I'm using and running) every 10-30 seconds is painful.
5. This is not specific to Chrome. It happens in Windows Explorer (not IE, but Explorer) + Outlook too. It goes back through previously browsed files, emails, folders and then hangs up. At this point I have to use the Alt-Tab to re-activate the program I'm using (Explorer/Outlook).
6. I don't know how I could capture a picture of this to explain it...it backs up so quickly (esp. explorer).
7. As I mentioned earlier, my screensaver isn't working either. If I minimize an application to get back to the desktop, the desktop icons aren't clickable. It's like the computer doesn't recognize the task priority. Seems like there's a problem with how background and foreground tasks are being managed. It's almost like there's a timeout happening and then it's locking my foreground task.
Thanks...
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP