
Sudden Slow Computer Speed Killing Me/Virus?



#1
USAFA74F15

In the past few months my computer speed has gone from pretty good to ridiculously slow. Downloaded several programs to "speed it up, identify and resolve problems" (I thought) examples: Advanced System Care, SmartDefrag2, Speccy, Malwarebytes Anti-Malware......

Am a atypical ex-F-15 jockey....thinking I can control and take care of anything...obviously not true. So, I am falling on my sword and respectfully requesting some guidance/direction from those that are more informed about the "PC world" than I and willing to help an old ex-fighter jock to be able to spend more time with his wife than his PC. LOL... Many thanks...in advance..

Ran the OTL...results follow:



OTL logfile created on: 7/27/2013 1:37:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BRUCE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.35 Gb Available Physical Memory | 23.30% Memory free
3.23 Gb Paging File | 1.30 Gb Available in Paging File | 40.17% Paging File free
Paging file location(s): c:\pagefile.sys 1825 2287 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.41 Gb Total Space | 169.64 Gb Free Space | 58.42% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 0.90 Gb Free Space | 11.72% Space Free | Partition Type: NTFS
Drive L: | 298.02 Gb Total Space | 181.14 Gb Free Space | 60.78% Space Free | Partition Type: FAT32

Computer Name: BRUCE-PC | User Name: BRUCE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/27 13:33:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BRUCE\Downloads\OTL.exe
PRC - [2013/07/20 04:56:54 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/07/20 01:19:44 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/07/18 00:36:56 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/13 00:11:32 | 002,236,080 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/07/03 15:00:44 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files\ATT\8.3.1.7\ma\bin\node.exe
PRC - [2013/07/03 15:00:44 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe
PRC - [2013/06/30 10:31:02 | 001,888,576 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2013/06/26 09:22:49 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/06/26 09:22:49 | 000,152,240 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/07 10:57:52 | 001,984,000 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\pcTrayApp.exe
PRC - [2013/05/07 10:54:54 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2013/05/07 10:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcServiceHost.exe
PRC - [2013/04/18 20:38:38 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/08 19:02:16 | 000,720,192 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2013/03/08 16:30:12 | 000,957,512 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2013/02/19 21:10:16 | 000,203,848 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
PRC - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2012/09/10 23:33:30 | 000,694,168 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MQS\QcShm.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2012/08/31 13:00:52 | 000,078,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Core\mchost.exe
PRC - [2012/03/28 02:28:44 | 000,735,168 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/03/28 02:27:06 | 000,309,184 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2012/03/28 02:10:02 | 000,075,712 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2011/09/26 18:15:36 | 000,117,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\IPROSetMonitor.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/19 18:45:17 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c24b36ceb832eabefe020b7453994a87\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/19 18:45:16 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4e250337cd18240b68997db97a661701\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/19 18:45:14 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\aab5ffcd3df45c984400184a9a041a8f\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/19 18:45:13 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fd6ee30e73a33e86f4da7180a38feec7\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/19 18:45:09 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll
MOD - [2013/07/19 18:44:23 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll
MOD - [2013/07/18 06:42:29 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/18 06:42:28 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/18 06:42:25 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll
MOD - [2013/07/18 06:42:24 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/18 06:42:19 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ac41c2666bb4e3dee06bc72eb45c765d\System.Xml.Linq.ni.dll
MOD - [2013/07/18 06:42:18 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/18 01:25:14 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll
MOD - [2013/07/18 01:24:47 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll
MOD - [2013/07/18 01:24:36 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/18 01:24:24 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll
MOD - [2013/07/18 01:24:19 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/18 01:24:15 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll
MOD - [2013/07/18 01:24:07 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/18 01:24:01 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/18 01:23:54 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/18 01:23:53 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/18 01:23:42 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/13 00:11:32 | 002,236,080 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/06/26 09:22:50 | 000,521,392 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
MOD - [2013/06/26 09:22:50 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
MOD - [2013/06/08 18:14:16 | 000,048,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\webres.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2013/07/20 01:19:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 15:00:44 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/06/26 09:22:49 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/07 10:54:54 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2013/05/07 10:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/02/19 21:10:16 | 000,203,848 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/09/26 18:15:36 | 000,117,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPROSetMonitor.exe -- (Intel®
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wzpsizsq.sys -- (wzpsizsq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\veswwxxj.sys -- (veswwxxj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\unugthvf.sys -- (unugthvf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\tdnfehvc.sys -- (tdnfehvc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pjubrhyx.sys -- (pjubrhyx)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\owyrxwoz.sys -- (owyrxwoz)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nmrsgymi.sys -- (nmrsgymi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\mlokiizn.sys -- (mlokiizn)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jdbelzad.sys -- (jdbelzad)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\frctpota.sys -- (frctpota)
DRV - [2013/06/26 09:22:50 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/05/22 18:49:32 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/19 15:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 15:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/02/19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 15:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 15:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 15:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 15:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 15:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012/03/19 09:18:46 | 000,064,800 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/02 15:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 15:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [1999/12/31 19:00:00 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{09D7EC1D-6FDC-4B5F-A20F-68F6F7A297A5}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{354CB769-8CC6-4415-AFE8-D464FAA80346}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKLM\..\SearchScopes\{45D28774-DBC0-449D-8168-FE1C2E29AD9A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {6edc3889-b841-4127-a2bf-c5fc48f972c7} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-08-01 03:38:16&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CDD78D09-C4B0-44D4-84EF-A93F498B398D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/11/05 20:22:38 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Simon Bünzli)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013/07/13 00:12:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/07/19 18:29:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/07/27 04:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/20 04:59:02 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Motive Extension = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.1_0\
CHR - Extension: SiteAdvisor = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: avast! Online Security = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: RealDownloader = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: AVG Security Toolbar = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Gmail = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20130306015620.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6EDC3889-B841-4127-A2BF-C5FC48F972C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: poha.com ([exchange] https in Trusted sites)
O15 - HKCU\..Trusted Domains: taxnotebook.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec....sa/LSSupCtl.cab (Reg Error: Value error.)
O16 - DPF: {22055A00-27C0-438B-BF53-44E973A4C48A} http://www.thesecret.../vivid_ocx.jpeg (Reg Error: Value error.)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (Reg Error: Value error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (Reg Error: Value error.)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (Reg Error: Value error.)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Reg Error: Value error.)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....sa/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driver...driveragent.cab (Reg Error: Value error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1735FE75-10B7-4896-91FA-5E0551B9DDE9}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BRUCE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\BRUCE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/21 18:15:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2a5e7693-a966-11df-a181-001a92b6890f}\Shell - "" = AutoRun
O33 - MountPoints2\{2a5e7693-a966-11df-a181-001a92b6890f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e1f1afc7-c375-11de-8a1a-001a92b6890f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/27 04:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/24 08:21:30 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/07/22 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/22 18:39:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/20 18:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AT&T
[2013/07/20 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-SST
[2013/07/20 17:00:37 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\{6A7F261E-3225-4D98-B609-1C8DA4B8E763}
[2013/07/20 16:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/20 16:35:48 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\Oracle
[2013/07/20 05:00:42 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\RealNetworks
[2013/07/20 04:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/07/20 04:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/07/20 04:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/07/20 04:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/07/20 04:57:01 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/07/20 04:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2013/07/20 04:30:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/07/20 00:59:52 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\Secunia PSI
[2013/07/19 22:31:55 | 000,029,528 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2013/07/19 18:24:01 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\{EF428126-1D9B-4E51-BA3D-B26892C36840}
[2013/07/17 21:55:08 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\DriverCure
[2013/07/17 21:55:06 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\SpeedyPC Software
[2013/07/17 21:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/07/14 16:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/13 03:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2013/07/13 01:39:40 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\AVG Secure Search
[2013/07/12 20:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2013/07/12 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Documents\My Avast EasyPass Data
[2013/07/12 20:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/07/12 20:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/07/12 16:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013/07/12 16:00:03 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\ICAClient
[2013/07/12 16:00:03 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\Citrix
[2013/07/12 15:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013/07/12 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/07/12 00:50:11 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\Virus Scan
[2013/07/11 18:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/07/11 18:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2013/07/11 18:55:30 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Documents\RegWhiz
[2013/07/11 18:55:14 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesOpened
[2013/07/11 18:42:54 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\ElevatedDiagnostics
[2013/07/10 21:47:20 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Documents\Sony PMB
[2013/07/10 21:46:00 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\Sony Corporation
[2013/07/10 21:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013/07/10 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Documents\TX Unclaimed property
[2013/07/10 07:11:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/05 21:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013/06/28 01:48:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2013/06/28 01:48:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2013/06/28 01:46:00 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013/06/28 01:46:00 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013/06/28 01:46:00 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013/06/28 01:45:59 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013/06/28 01:45:55 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2013/06/28 01:45:54 | 000,214,352 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\System32\SFFXProc.dll
[2013/06/28 01:45:54 | 000,074,064 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\System32\SFFXSAPO.dll
[2013/06/28 01:45:54 | 000,074,064 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\System32\SFFXHAPO.dll
[2013/06/28 01:45:53 | 000,074,064 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\System32\SFFXDAPO.dll
[2013/06/28 01:45:52 | 000,078,672 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\System32\SFFXComm.dll
[2013/06/28 01:45:51 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2013/06/28 01:45:51 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2013/06/28 01:44:35 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2013/06/28 01:44:34 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2013/06/28 01:44:34 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2013/06/28 01:44:33 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2013/06/28 01:44:26 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2013/06/28 01:44:26 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2013/06/28 01:43:33 | 002,386,464 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2013/06/28 01:43:24 | 000,090,624 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2013/06/27 23:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimComputer
[2013/06/27 22:42:09 | 000,023,872 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2013/06/27 22:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/06/27 22:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/06/27 22:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/06/27 22:18:43 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\IObit
[2013/06/27 22:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013/06/27 22:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/06/27 22:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/06/27 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2010/03/08 02:29:07 | 027,024,112 | ---- | C] (Microsoft Corporation) -- C:\Users\BRUCE\PowerPointViewer.exe

========== Files - Modified Within 30 Days ==========

[2013/07/27 13:36:42 | 000,000,551 | ---- | M] () -- C:\Users\BRUCE\Desktop\OTL - Shortcut.lnk
[2013/07/27 13:27:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/27 13:27:26 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/27 12:57:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/27 12:54:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/27 04:16:03 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/27 04:16:03 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/07/27 04:16:03 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/07/27 04:12:35 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/07/27 04:12:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/27 04:12:14 | 1600,614,400 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/27 00:04:56 | 166,937,013 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/25 03:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
[2013/07/24 22:29:05 | 000,000,905 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/24 21:49:44 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/07/24 21:38:32 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
[2013/07/23 00:40:51 | 000,302,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/22 18:39:52 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/20 16:49:28 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/20 04:59:19 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/20 04:57:01 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/07/20 04:53:41 | 000,002,026 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
[2013/07/20 03:35:23 | 000,005,892 | ---- | M] () -- C:\Users\BRUCE\AppData\Local\d3d9caps.dat
[2013/07/19 22:31:33 | 000,000,949 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2013/07/19 22:31:33 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/07/18 01:21:42 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/18 01:21:42 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/18 00:32:01 | 000,001,000 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk
[2013/07/18 00:32:01 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/07/15 12:48:50 | 002,705,244 | ---- | M] () -- C:\Users\BRUCE\Desktop\PC REPORT.html
[2013/07/13 03:12:27 | 000,000,000 | ---- | M] () -- C:\search.sqlite
[2013/06/27 23:46:54 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\SlimComputer.lnk
[2013/06/27 23:18:52 | 000,001,081 | ---- | M] () -- C:\Users\BRUCE\Desktop\Cloned Files Scanner.lnk
[2013/06/27 23:14:53 | 000,077,536 | ---- | M] () -- C:\Users\BRUCE\Desktop\System Information Report.html
[2013/06/27 22:07:33 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk

========== Files Created - No Company Name ==========

[2013/07/27 13:36:42 | 000,000,551 | ---- | C] () -- C:\Users\BRUCE\Desktop\OTL - Shortcut.lnk
[2013/07/27 00:04:56 | 166,937,013 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/07/24 21:49:44 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/07/22 18:39:52 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/20 18:23:58 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
[2013/07/20 16:24:57 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2013/07/20 04:59:19 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/20 04:53:41 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
[2013/07/20 04:01:35 | 1600,614,400 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/19 22:31:34 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2013/07/18 00:45:04 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/07/15 12:53:36 | 002,705,244 | ---- | C] () -- C:\Users\BRUCE\Desktop\PC REPORT.html
[2013/07/13 03:12:27 | 000,000,000 | ---- | C] () -- C:\search.sqlite
[2013/06/28 01:44:27 | 000,449,481 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/06/27 23:46:54 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\SlimComputer.lnk
[2013/06/27 23:18:52 | 000,001,081 | ---- | C] () -- C:\Users\BRUCE\Desktop\Cloned Files Scanner.lnk
[2013/06/27 23:14:53 | 000,077,536 | ---- | C] () -- C:\Users\BRUCE\Desktop\System Information Report.html
[2013/06/27 22:21:02 | 000,000,949 | ---- | C] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2013/06/27 22:18:42 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/06/27 22:18:41 | 000,001,000 | ---- | C] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk
[2013/06/27 22:07:33 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/03/25 00:42:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012/07/19 00:36:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012/01/30 14:48:42 | 000,005,892 | ---- | C] () -- C:\Users\BRUCE\AppData\Local\d3d9caps.dat
[2011/02/14 01:36:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/26 01:46:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Ambience
[2010/10/26 01:46:52 | 000,000,268 | -H-- | C] () -- C:\Users\BRUCE\AppData\Roaming\AccountTypes
[2010/10/26 00:02:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/03/14 13:43:55 | 000,000,088 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\usb.inf
[2007/07/25 16:06:10 | 000,031,802 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\UserTile.png
[2007/06/28 10:19:37 | 000,030,208 | ---- | C] () -- C:\Users\BRUCE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/05 09:54:26 | 000,000,314 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\wklnhst.dat
[2007/05/30 23:26:59 | 000,000,318 | ---- | C] () -- C:\Users\BRUCE\Public.lnk

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/07/09 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/17 21:55:08 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\DriverCure
[2013/06/20 00:41:14 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\GARMIN
[2013/07/17 23:57:39 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\GlarySoft
[2013/07/20 04:45:47 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\ICAClient
[2013/07/17 23:57:40 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\IObit
[2008/05/24 17:54:19 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Laplink
[2009/10/28 00:45:07 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Leadertech
[2011/11/10 05:30:07 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\muvee Technologies
[2012/10/03 05:19:10 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Nico Mak Computing
[2011/11/10 09:04:37 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Nikon
[2013/07/20 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Oracle
[2007/10/23 02:54:04 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\ParetoLogic
[2013/01/04 12:49:15 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\PC Utility Kit
[2013/04/05 23:17:18 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\PDFlite
[2013/07/17 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\SpeedyPC Software
[2007/06/05 09:54:30 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Template
[2011/03/10 02:54:54 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Tific
[2011/01/19 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Uniblue
[2013/07/12 01:01:00 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Virus Scan
[2007/06/04 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\WinBatch
[2011/02/22 00:43:57 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Windows Live Writer
[2013/07/17 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\{A004037C-8B9A-4390-9074-1D3EEE0A3BDF}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 7/27/2013 1:37:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BRUCE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.35 Gb Available Physical Memory | 23.30% Memory free
3.23 Gb Paging File | 1.30 Gb Available in Paging File | 40.17% Paging File free
Paging file location(s): c:\pagefile.sys 1825 2287 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.41 Gb Total Space | 169.64 Gb Free Space | 58.42% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 0.90 Gb Free Space | 11.72% Space Free | Partition Type: NTFS
Drive L: | 298.02 Gb Total Space | 181.14 Gb Free Space | 60.78% Space Free | Partition Type: FAT32

Computer Name: BRUCE-PC | User Name: BRUCE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = PDFlite.Document] -- C:\Program Files\PDFlite\pdflite.exe (Amnis Technology Ltd.)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- Reg Error: Value error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1365476798-2678602475-2493244682-1001]
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D55D0-A051-41CA-AFA7-E2AA181EB090}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{1D455B8E-2327-4B27-A94B-716CF75AF955}" = rport=445 | protocol=6 | dir=out | app=system |
"{3431464B-AC15-4E9B-B70E-4D8EBAC8D9A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A2AF195-F42A-4149-8CB8-41BF4B70349E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7B1C17CC-FB31-4150-9185-DC5E59A30F97}" = rport=137 | protocol=17 | dir=out | app=system |
"{808677CF-BC48-4F89-B45A-7BDEEC5F2E92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9030472C-6AE0-4117-9900-6E5C92C59E9B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{929FA9DD-7307-4C5B-BD2B-98877C2D0EB2}" = rport=139 | protocol=6 | dir=out | app=system |
"{96DA79D5-A1C2-4464-90ED-0E49549BDCBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{B0F8AECA-4261-46D4-89ED-0D772C73ED56}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{CE449A07-807C-4480-A173-A3164F49A913}" = lport=137 | protocol=17 | dir=in | app=system |
"{E36213D9-9D1E-4B36-817F-AEF22BED4185}" = lport=139 | protocol=6 | dir=in | app=system |
"{F438FDB8-58FC-424F-8DAD-E11F1B656A40}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F8D5A5D1-297F-48FE-BE58-CE5B9969B811}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F764DC7-CE68-431F-AEE6-26BE0DA55F7A}" = protocol=1 | dir=in | [email protected],-28543 |
"{19D06752-29B2-48D7-9A7C-C278E34CD526}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{1A692177-84A7-4660-8744-EB73F96D6594}" = protocol=1 | dir=out | [email protected],-28544 |
"{1F7715FC-41B3-4F1E-8C1A-0B07C9E5FCC0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20540AB0-07BC-4F07-8AFE-D27961CCAC4C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{231A457D-B7BE-43EE-9394-31C3194F0F00}" = protocol=58 | dir=out | [email protected],-28546 |
"{297EAB7F-4DAE-438B-B363-3A9382200BAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A81D1D8-E691-45FC-91AB-1721197BC027}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{336BF8DB-E700-459F-9F17-7D21F215763A}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{52773B10-0B29-4760-8505-8F6B65C307F7}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{5AE177EF-D4B5-4EE7-BF30-A16009102739}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{652FED3A-8ED6-4995-A7C5-D54BF3BE6E3F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{72CBE6B6-7B22-44EF-84A2-65B7ABF72FBA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{74910C81-427F-47A6-B726-56583A6B9AEA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7C293666-AD9D-44DB-BAAD-A65B88F60553}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7D1594C6-0FBC-49C3-88AB-65D6DC024D22}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{809D75E9-686A-47DD-9E6F-A14291B68CAD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{948963F9-E10E-4411-841F-A1792C929CF3}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{96984CA8-08DA-4BDC-A055-757F88DE66F1}" = protocol=58 | dir=in | [email protected],-28545 |
"{A1368B6F-3B71-49D3-83DD-D0C2A10E6B2D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6BB2138-ABAD-40AD-98CF-615A4034791E}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{B93D4898-60B1-4D37-86C7-241C8FBECA90}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{BB8E2CDC-DCDD-4205-B74B-2F09BAB9FC1E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C00E1733-5AED-493E-807F-0E5FDB2AA9BD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{C334FBD5-BBCE-435A-B101-A14FAC9D52F7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C5CAEFE1-FFA9-41F3-8BA6-C0F1EB6B7E65}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{C63A27AA-C908-4C52-8EE1-12EEC07A37F1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{C679CD3F-CAFB-405E-B498-DA4CC0BFD2A7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DC9B7E55-CBFC-4D88-BB79-E559ED138BA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DDB05638-F772-4846-9845-D986A5034602}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DFC35F56-A0CD-4092-8468-F26C37325CDA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E03A6CD0-455C-4B7B-ACFE-3DB0C1FA6A4D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F0D170A0-7508-4E19-8D77-AC31E99A80D4}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7319A9-083D-40B3-8256-00A6F3C2AAA2}" = Citrix online plug-in (SSON)
"{117F771F-EA62-437B-AA3C-65F77B1E4C63}" = AT&T Quick Fix Client
"{133236FE-E2F7-4313-8BF8-A10ACAAA7CB9}" = Citrix online plug-in (USB)
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26DE7BAD-453E-4C96-979F-1C288ECAA159}" = Intel® Network Connections 16.7.166.0
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{29622F4A-245C-4126-8764-897E21E888D1}" = Google Earth Pro
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FC7287D-39DD-4A84-9806-D27D3CCDC51B}" = Citrix online plug-in (Web)
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4CFE23CC-779D-4572-A76F-AB60A958BC79}" = Adobe Flash Player 11 ActiveX
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57287FDF-27E6-45BC-9DD2-A33545C46C1A}" = Citrix online plug-in (HDX)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.2
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6F2FDD50-E0F3-4117-B575-78E77F8D11EF}" = Citrix online plug-in (DV)
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77CA976C-403C-47E2-940B-733ECAB6F62B}" = muvee autoProducer 5.0
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{913778D3-E1D8-4B55-9246-3308C54D3162}" = Citrix online plug-in (PNA)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5C92C15-F625-41E6-9646-245FA011E3DB}" = SlimComputer
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E1D00057-82F0-4EA1-91C2-270682EB9C98}" = SlimDrivers
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3885DDF-E711-4F14-B4C9-5CA3F07A13E9}" = PCsync
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"ATT-ATT Management Agent" = ATT Management Agent
"ATT-HSI" = ATT-HSI
"ATT-SST" = AT&T Troubleshoot & Resolve Tool
"AVG Secure Search" = AVG Security Toolbar
"Belarc Advisor" = Belarc Advisor 8.3
"CitrixOnlinePluginFull" = Citrix online plug-in
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"Free Window Registry Repair" = Free Window Registry Repair
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Intel® Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee SecurityCenter
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PDFlite" = PDFlite 0.9.0.0
"PROSetDX" = Intel® Network Connections 16.7.166.0
"RealPlayer 16.0" = RealPlayer
"Recuva" = Recuva
"Smart Defrag 2_is1" = Smart Defrag 2
"Speccy" = Speccy
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2013 1:05:37 AM | Computer Name = BRUCE-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 7/27/2013 1:05:37 AM | Computer Name = BRUCE-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 7/27/2013 5:08:14 AM | Computer Name = BRUCE-PC | Source = Windows Search Service | ID = 3010
Description =

Error - 7/27/2013 5:09:19 AM | Computer Name = BRUCE-PC | Source = ESENT | ID = 481
Description = Windows (3664) Windows: An attempt to read from the file "L:\BRUCE-PC\Indexed
Files\Search\Data\Applications\Windows\Windows.edb" at offset 1343488 (0x0000000000148000)
for 8192 (0x00002000) bytes failed after 0 seconds with system error 1006 (0x000003ee):
"The volume for a file has been externally altered so that the opened file is no
longer valid. ". The read operation will fail with error -1022 (0xfffffc02).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 7/27/2013 5:09:19 AM | Computer Name = BRUCE-PC | Source = ESENT | ID = 482
Description = Windows (3664) Windows: An attempt to write to the file "L:\BRUCE-PC\Indexed
Files\Search\Data\Applications\Windows\MSS.log" at offset 50688 (0x000000000000c600)
for 512 (0x00000200) bytes failed after 0 seconds with system error 1006 (0x000003ee):
"The volume for a file has been externally altered so that the opened file is no
longer valid. ". The write operation will fail with error -1022 (0xfffffc02).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 7/27/2013 5:09:19 AM | Computer Name = BRUCE-PC | Source = ESENT | ID = 414
Description = Windows (3664) Windows: Unable to write to section 0 while flushing
logfile L:\BRUCE-PC\Indexed Files\Search\Data\Applications\Windows\MSS.log. Error
-1022 (0xfffffc02).

Error - 7/27/2013 5:09:19 AM | Computer Name = BRUCE-PC | Source = ESENT | ID = 492
Description = Windows (3664) Windows: The logfile sequence in "L:\BRUCE-PC\Indexed
Files\Search\Data\Applications\Windows\" has been halted due to a fatal error.
No further updates are possible for the databases that use this logfile sequence.
Please correct the problem and restart or restore from backup.

Error - 7/27/2013 5:09:20 AM | Computer Name = BRUCE-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6002.18005, time
stamp 0x49e02459, faulting module TQUERY.DLL, version 7.0.6002.18005, time stamp
0x49e0382e, exception code 0xc0000006, fault offset 0x0001828c, process id 0xe50,
application start time 0x01ce8a870411ea00.

Error - 7/27/2013 5:09:20 AM | Computer Name = BRUCE-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored
on, or the storage drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program:
Microsoft Windows Search Indexer File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.

Additional
Data Error value: C0000098 Disk type: 0

Error - 7/27/2013 5:24:26 AM | Computer Name = BRUCE-PC | Source = Perflib | ID = 1010
Description =

[ IntelDH Events ]
Error - 7/4/2011 7:58:43 PM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 7/4/2011 7:58:43 PM | Computer Name = BRUCE-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 11/10/2011 6:29:40 AM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 11/10/2011 6:29:40 AM | Computer Name = BRUCE-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 5/9/2012 10:16:47 PM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 5/9/2012 10:16:47 PM | Computer Name = BRUCE-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 5/10/2012 5:51:08 AM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

[ Media Center Events ]
Error - 5/20/2012 10:30:01 PM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 12:08:47 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 1:54:30 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 8:40:05 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 5:32:07 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 7:18:04 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/22/2013 10:32:43 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 370
seconds with 120 seconds of active time. This session ended with a crash.

Error - 6/26/2013 2:28:35 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 145
seconds with 120 seconds of active time. This session ended with a crash.

Error - 6/27/2013 12:10:23 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 171
seconds with 120 seconds of active time. This session ended with a crash.

Error - 7/11/2013 3:58:01 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 424
seconds with 360 seconds of active time. This session ended with a crash.

Error - 7/11/2013 6:55:51 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 75
seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/17/2013 8:41:31 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 289
seconds with 240 seconds of active time. This session ended with a crash.

Error - 7/17/2013 9:07:12 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1527
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 7/22/2013 8:32:17 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 210
seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/22/2013 10:57:16 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7578
seconds with 7140 seconds of active time. This session ended with a crash.

Error - 7/25/2013 12:16:40 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 66
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/27/2013 1:06:48 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/27/2013 1:06:48 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/27/2013 1:06:48 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 7/27/2013 1:06:48 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 7/27/2013 5:09:45 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 7/27/2013 5:13:59 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/27/2013 5:13:59 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/27/2013 5:13:59 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/27/2013 5:13:59 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/27/2013 5:18:32 AM | Computer Name = BRUCE-PC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I suspect there is a problem with the hard drive but let's see:


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Uninstall Advanced System Care


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select the Delete option
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.




Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. Uninstall Speccy.


Ron
  • 0
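The Verified Signer column requested above is what makes the Process Explorer listing useful for triage. The sketch below is an added example, not part of the original post: it reads a saved listing and ranks the entries whose signature did not verify. It assumes the saved file is tab-delimited with the eight columns named in `COLUMNS`; the sample rows and the name `ExampleSvc.exe` are constructed.

```python
import csv
import io

# Column layout assumed for Process Explorer's File > Save As text output.
COLUMNS = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
           "Description", "Company Name", "Verified Signer"]

# Constructed sample rows (not taken from a real machine).
SAMPLE = "\n".join("\t".join(r) for r in [
    COLUMNS,
    ["svchost.exe", "< 0.01", "252,936 K", "81,284 K", "1312",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows"],
    ["node.exe", "< 0.01", "25,164 K", "7,488 K", "1236",
     "Evented I/O for V8 JavaScript", "Joyent, Inc",
     "(No signature was present in the subject) Joyent, Inc"],
    ["svchost.exe", "", "8,836 K", "4,220 K", "1000",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(No signature was present in the subject) Microsoft Corporation"],
    ["ExampleSvc.exe", "", "944 K", "264 K", "1368", "", "",
     "(No signature was present in the subject)"],
    ["System Idle Process", "81.06", "0 K", "24 K", "0", "", "", ""],
])


def parse_cpu(field):
    """'< 0.01' and blank cells both mean the process is effectively idle."""
    field = field.strip()
    if not field or field.startswith("<"):
        return 0.0
    return float(field)


def split_signer(field):
    """Split '(Status text) Signer name' into (status, signer)."""
    field = field.strip()
    if field.startswith("(") and ")" in field:
        status, _, signer = field[1:].partition(")")
        return status.strip(), signer.strip()
    return "", field


def parse_rows(text):
    """Return one dict per process row of a tab-delimited listing."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    rows = []
    for raw in reader:
        cell = {k: (raw.get(k) or "").strip() for k in COLUMNS}
        status, signer = split_signer(cell["Verified Signer"])
        rows.append({
            "process": cell["Process"],
            "pid": cell["PID"],
            "cpu": parse_cpu(cell["CPU"]),
            "company": cell["Company Name"],
            "signer_field": cell["Verified Signer"],
            "status": status,
            "signer": signer,
        })
    return rows


def triage(text):
    """List processes whose signature did not verify, most suspicious first."""
    findings = []
    for row in parse_rows(text):
        if row["status"] == "Verified":
            continue
        # Skip pseudo-entries (System Idle Process, System, Interrupts).
        if not row["pid"].isdigit() or not (row["signer_field"] or row["company"]):
            continue
        score = 1
        reasons = [row["status"] or "signature not checked"]
        if row["company"].lower().startswith("microsoft"):
            score += 1
            reasons.append("version info claims Microsoft, signer unverified")
        if not row["company"]:
            score += 1
            reasons.append("no company name in version info")
        findings.append({"process": row["process"], "pid": row["pid"],
                         "score": score, "reasons": reasons})
    findings.sort(key=lambda f: (-f["score"], f["process"].lower(), int(f["pid"])))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["score"], f["process"], f["pid"], "; ".join(f["reasons"]))
```

An entry on this list is a prompt to check the image path and file hash, not a verdict on the file.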

#3
USAFA74F15

USAFA74F15

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ron,

Thank you for the advice. Did everything as outlined, with one error...failed to save the Notepad text on the Event Viewer Log for System and Application. So, I reran them after the last step (Speccy). Plz advise if that screwed it up and I need to start over (or hopefully) we are good to go. Logs follow:

Attached File: BRUCE-PC (No Serial#).txt (534.9KB)


Event Viewer Output Log

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 28/07/2013 3:18:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/07/2013 6:57:29 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 28/07/2013 6:52:52 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PxHelp20

Log: 'System' Date/Time: 28/07/2013 6:52:52 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 28/07/2013 6:52:52 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 28/07/2013 6:52:52 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

Log: 'System' Date/Time: 28/07/2013 6:29:26 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 28/07/2013 5:57:38 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 28/07/2013 12:54:15 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PxHelp20

Log: 'System' Date/Time: 28/07/2013 12:54:15 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 28/07/2013 12:54:15 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 28/07/2013 12:54:15 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

Log: 'System' Date/Time: 27/07/2013 10:58:46 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {6295DF2D-35EE-11D1-8707-00C04FD93327} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/07/2013 5:50:31 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/07/2013 3:48:43 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/07/2013 12:46:37 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/07/2013 11:02:41 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/07/2013 10:02:00 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/07/2013 9:01:15 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/07/2013 6:32:06 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/07/2013 5:02:54 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/07/2013 4:02:15 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


EVENT VIEWER APPLICATION
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 28/07/2013 3:21:31 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/07/2013 7:22:11 PM
Type: Error Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Log: 'Application' Date/Time: 28/07/2013 6:56:05 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 28/07/2013 6:56:05 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 27/07/2013 10:53:17 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 9.0.8112.16496, time stamp 0x51a55c6d, faulting module HcThe.dll, version 8.0.0.2102, time stamp 0x4f91d52f, exception code 0xc0000005, fault offset 0x000027aa, process id 0x1160, application start time 0x01ce8b199c4627c0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/07/2013 10:58:39 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1365476798-2678602475-2493244682-1001_Classes:
Process 1896 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 27/07/2013 10:58:34 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 0 user registry handles leaked from \Registry\User\S-1-5-21-1365476798-2678602475-2493244682-1001:















AdwCleaner

# AdwCleaner v2.306 - Logfile created 07/28/2013 at 13:46:32
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : BRUCE - BRUCE-PC
# Boot Mode : Normal
# Running from : C:\Users\BRUCE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KBOPU1R\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\EVERYDAY USE\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"session":{"urls_to_restore_on_startup":["hxxp://www.google.com/"]}},"browser":{"check_de[...]

*************************

AdwCleaner[S1].txt - [9474 octets] - [27/07/2013 15:45:20]
AdwCleaner[S2].txt - [1212 octets] - [28/07/2013 13:46:32]

########## EOF - C:\AdwCleaner[S2].txt - [1272 octets] ##########






Process Explorer: System Idle Process


Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
svchost.exe < 0.01 252,936 K 81,284 K 1312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mcshield.exe < 0.01 214,640 K 47,788 K 2680 McAfee On-Access Scanner service McAfee, Inc. (Verified) McAfee
mbamservice.exe 135,196 K 34,500 K 2124 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
svchost.exe < 0.01 67,636 K 57,796 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ExpressTray.exe < 0.01 55,676 K 1,772 K 5556 Express Tray Garmin Ltd or its subsidiaries (Verified) Garmin International
McSvHost.exe < 0.01 48,200 K 9,172 K 2136 McAfee Service Host McAfee, Inc. (Verified) McAfee
iexplore.exe < 0.01 47,792 K 79,668 K 4160 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 40,268 K 3,504 K 2560 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 36,836 K 3,888 K 1956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe < 0.01 33,464 K 7,768 K 3576 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Garmin.Cartography.MapUpdate.CoreService.exe < 0.01 27,548 K 2,088 K 1556 Garmin Core Update Service Garmin Ltd or its subsidiaries (Verified) Garmin International
TrustedInstaller.exe 15.15 26,116 K 21,520 K 1468 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3.79 26,120 K 34,888 K 5968 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
node.exe < 0.01 25,164 K 7,488 K 1236 Evented I/O for V8 JavaScript Joyent, Inc (No signature was present in the subject) Joyent, Inc
mcagent.exe < 0.01 24,648 K 768 K 4976 McAfee Security Center McAfee, Inc. (Verified) McAfee
iexplore.exe < 0.01 18,824 K 27,464 K 5036 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 18,264 K 6,096 K 1736 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SmartDefrag.exe < 0.01 18,144 K 2,156 K 3520 Smart Defrag v2 IObit (Verified) IObit Information Technology
audiodg.exe 16,620 K 13,808 K 1380 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 16,072 K 7,792 K 752 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 14,736 K 4,860 K 1260 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
HPHC_Service.exe 12,580 K 304 K 4088 HP Health Check Service Hewlett-Packard (Verified) Hewlett-Packard
RtHDVBg.exe 10,724 K 976 K 1680 HD Audio Background Process Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
taskeng.exe < 0.01 9,288 K 2,716 K 3988 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 8,836 K 4,220 K 1000 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 8,228 K 3,408 K 1484 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
pcServiceHost.exe < 0.01 8,132 K 7,936 K 2228 mcci+McciServiceHost Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
spoolsv.exe < 0.01 7,364 K 2,312 K 1928 Spooler SubSystem App Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WLIDSVC.EXE 6,440 K 280 K 2500 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
SLsvc.exe 5,892 K 668 K 1424 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 5,456 K 680 K 4204 Windows Media Player Network Sharing Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 5,104 K 272 K 2340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 5,096 K 4,376 K 800 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
pcTrayApp.exe < 0.01 4,736 K 3,968 K 5380 mcci+McciTrayApp Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
svchost.exe 4,700 K 7,520 K 3352 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
mfevtps.exe 4,604 K 2,100 K 2160 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
svchost.exe 4,536 K 3,156 K 1060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
FlashUtil32_11_8_800_94_ActiveX.exe < 0.01 3,872 K 7,100 K 4660 Adobe® Flash® Player Installer/Uninstaller 11.8 r800 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
wfcrun32.exe < 0.01 3,768 K 1,084 K 4584 Citrix Citrix Systems, Inc. (Verified) Citrix Systems
AppleMobileDeviceService.exe < 0.01 3,704 K 1,740 K 756 MobileDeviceService Apple Inc. (Verified) Apple Inc.
rundll32.exe 3,520 K 224 K 2348 Windows host process (Rundll32) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
services.exe 3,412 K 3,368 K 784 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
mfefire.exe 3,352 K 548 K 2700 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
svchost.exe 3,140 K 1,792 K 1404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IAANTmon.exe 2,976 K 1,060 K 580 RAID Monitor Intel Corporation (Verified) Intel Corporation
svchost.exe 2,972 K 236 K 2280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,948 K 5,344 K 2472 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe < 0.01 2,924 K 408 K 2988 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
winlogon.exe 2,820 K 1,280 K 844 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
pcCMService.exe 2,588 K 492 K 2196 mcci+McciCMService Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
RtkAudioService.exe 2,568 K 420 K 1644 Realtek Audio Service Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
csrss.exe < 0.01 2,540 K 2,176 K 696 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,528 K 240 K 3616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
GoogleCrashHandler.exe 2,420 K 104 K 3040 Google Crash Handler Google Inc. (Verified) Google Inc
lsm.exe 2,332 K 1,868 K 820 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
ToolbarUpdater.exe 2,296 K 156 K 2400 ToolbarU Application AVG Secure Search (Verified) AVG Technologies
mbamscheduler.exe 2,260 K 380 K 2112 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
armsvc.exe 2,100 K 336 K 656 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
taskeng.exe 1,964 K 496 K 4068 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
realsched.exe < 0.01 1,912 K 516 K 5352 RealNetworks Scheduler RealNetworks, Inc. (Verified) RealNetworks
concentr.exe < 0.01 1,716 K 796 K 5316 Citrix online plug-in Connection Center Citrix Systems, Inc. (Verified) Citrix Systems
wmpnscfg.exe 1,700 K 268 K 5788 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
WPFFontCache_v0400.exe 1,648 K 4,376 K 4912 wpffontcache_v0400.exe Microsoft Corporation (Verified) Microsoft Corporation
dwm.exe < 0.01 1,540 K 448 K 972 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,488 K 868 K 3708 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,432 K 164 K 2456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1,356 K 668 K 1008 Bonjour Service Apple Inc. (Verified) Apple Inc.
ssonsvr.exe 1,328 K 172 K 3512 Citrix Pass-through Authentication Citrix Systems, Inc. (Verified) Citrix Systems
MAHostService.exe < 0.01 1,296 K 428 K 896 MAHostService Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
wininit.exe 1,244 K 320 K 740 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,244 K 168 K 5244 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
LSSrvc.exe 1,096 K 284 K 2084 LightScribe Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
hpwuschd2.exe 988 K 148 K 5256 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
rndlresolversvc.exe 968 K 144 K 2300 (Verified) RealNetworks
DQLWinService.exe 944 K 264 K 1368 DQLWinSe Application (No signature was present in the subject)
IPROSetMonitor.exe 924 K 284 K 1436 Intel® PROSet Monitoring Service Intel Corporation (Verified) Intel Corporation
WLIDSVCM.EXE 896 K 136 K 2644 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
XAudio.exe 780 K 120 K 2624 Modem Audio Service Conexant Systems, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
smss.exe 296 K 172 K 564 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 81.06 0 K 24 K 0
System < 0.01 0 K 1,312 K 4
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs




Speccy Report Attached
  • 0
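The VEW output in the post above repeats the same few events many times, which hides how few distinct problems there are. The sketch below is an added example, not part of the original thread: it parses the VEW text layout, collapses identical events into one line with a count and first/last time, and lists timestamps where several events fired in the same second. The sample records are constructed and abridged, and `{EXAMPLE-CLSID}`, `ExampleDrv` and `Example Service` are placeholders.

```python
import re
from datetime import datetime

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")

# Constructed sample in the VEW layout (dates are dd/mm/yyyy, as VEW states).
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/07/2013 6:57:29 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {EXAMPLE-CLSID} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 28/07/2013 6:52:52 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: ExampleDrv

Log: 'System' Date/Time: 28/07/2013 6:52:52 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Example Service service to connect.

Log: 'System' Date/Time: 28/07/2013 5:57:38 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {EXAMPLE-CLSID} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 28/07/2013 12:54:15 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: ExampleDrv

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/07/2013 5:50:31 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network.

Log: 'System' Date/Time: 28/07/2013 3:48:43 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network.

Log: 'System' Date/Time: 28/07/2013 12:46:37 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network.
"""


def parse_vew(text):
    """Return one dict per event record found in VEW output text."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    records, i = [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        if not head or i + 2 >= len(lines):
            i += 1
            continue
        kind, event = TYPE.match(lines[i + 1]), EVENT.match(lines[i + 2])
        if not (kind and event):
            i += 1
            continue
        # The message runs until a blank line, a banner, or the next record.
        j, message = i + 3, []
        while (j < len(lines) and lines[j].strip()
               and not lines[j].startswith("~") and not HEADER.match(lines[j])):
            message.append(lines[j].strip())
            j += 1
        records.append({
            "log": head["log"],
            "when": datetime.strptime(head["when"], "%d/%m/%Y %I:%M:%S %p"),
            "type": kind["type"],
            "event_id": int(event["id"]),
            "source": event["source"].strip(),
            "message": " ".join(message),
        })
        i = j
    return records


def summarize(records):
    """Collapse identical events; most frequent first, ties by event ID."""
    groups = {}
    for r in records:
        key = (r["log"], r["type"], r["event_id"], r["source"], r["message"])
        g = groups.setdefault(key, dict(r, count=0, first=r["when"], last=r["when"]))
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], r["when"]), max(g["last"], r["when"])
    return sorted(groups.values(), key=lambda g: (-g["count"], g["event_id"]))


def same_second_bursts(records):
    """Timestamps at which more than one event was logged (e.g. at boot)."""
    by_time = {}
    for r in records:
        by_time.setdefault(r["when"], []).append(r["event_id"])
    return {t: sorted(ids) for t, ids in by_time.items() if len(ids) > 1}


if __name__ == "__main__":
    for g in summarize(parse_vew(SAMPLE)):
        print(f'{g["count"]}x {g["type"]} {g["event_id"]} {g["source"]} '
              f'({g["first"]} to {g["last"]})')
```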

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
From Speccy:

Antivirus
McAfee Anti-Virus and Anti-Spyware
Antivirus Enabled
Virus Signature Database Up to date
Microsoft Security Essentials
Antivirus Disabled
Virus Signature Database Up to date


Running two anti-viruses is a bad idea. They fight each other and slow things down. Uninstall one. If the McAfee subscription is about to expire then I would uninstall it. (Pretty much a waste of money in my opinion. The free Avast is much better.) If you do uninstall McAfee you need to run the McAfee Removal Tool since the stupid program can't uninstall itself. Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe

Can I talk you into uninstalling both and replacing them with the free Avast?

http://www.avast.com...ivirus-download
Download, Save, and right click and Run As Administrator.

Also Speccy is reporting your PC is running at 52 degrees C. It's not critical yet (too hot and the CPU will slow down to protect itself) but a desktop should be closer to 35 so I expect it's time to shut it down but leave it plugged up. Open it up and vacuum out the dust. Pay special attention to the CPU heatsink and to the vents on the front and back of the computer. With the back still off watch the CPU fan as you turn the power on. It should start up right away and be at speed in hardly any time. If it is slow starting up then it will need replacing.

8/1/2013 3:00 AM; RegSERVO



You have RegSERVO installed. Uninstall it and make sure that the task it created is also gone. Registry cleaners cause more trouble than they fix.


Looking at the hard drive in Speccy:

07 Seek Error Rate 087 (060) Data 0026C257CF
...
C3 Hardware ECC Recovered 065 (060) Data 000355B893


These show some problems with the hard drive. I see it's a Seagate which is good. They have a very good hard drive test program SeaTools for Windows which you should download, Save and Run by right clicking and Run As Admin. (You want to run the Extended test which may take all night to run.)
http://www.seagate.c...ols-win-master/
IF it tells you the drive is sick then you should look into getting a new one ASAP while you can still clone from the old drive.

Looking at your error logs:

Log: 'System' Date/Time: 28/07/2013 6:57:29 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.


This is part of McAfee. Don't know why it won't start. Usual fix if you are keeping McAfee is to uninstall, run the removal tool then reinstall a fresh download.


Log: 'System' Date/Time: 28/07/2013 6:52:52 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PxHelp20


PxHelp20.sys is a driver that implements the Sonic Solutions CD burning engine, which is used by Roxio CD burning software (Roxio is owned by Sonic). So it would appear that Roxio needs to be uninstalled and reinstalled.

Log: 'System' Date/Time: 28/07/2013 6:52:52 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


This is a stupid Windows error. There hasn't been a Parallel Port on a PC in years so you would think Windows would stop trying to start it. Right click on (My) Computer and select Manage then Continue then Device Driver. View, Show Hidden Drivers. Now in the right pane look for the Parallel Port entry. It should have a yellow flag by it. Right click on it and select Disable. OK. That will keep it from trying to start.


Log: 'System' Date/Time: 28/07/2013 6:52:52 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.


Think this is part of MSE so if you uninstall MSE it should go away.

Log: 'Application' Date/Time: 28/07/2013 6:56:05 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 28/07/2013 6:56:05 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.


This is caused by RealPlayer. I would uninstall it and download a new version if you use it.

Log: 'Application' Date/Time: 27/07/2013 10:53:17 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 9.0.8112.16496, time stamp 0x51a55c6d, faulting module HcThe.dll, version 8.0.0.2102, time stamp 0x4f91d52f, exception code 0xc0000005, fault offset 0x000027aa, process id 0x1160, application start time 0x01ce8b199c4627c0.


Another broken piece of McAfee. HcThe.dll is part of McAfee Host Intrusion Prevention.

Once you have taken care of the above, clear the alarms again and reboot then run vew again as before.


Your RAM is marginal for Vista. I like to see at least 2 G and you have only 1.5. Amazon has 2 x 1 GB DDR2 for about $25
http://www.amazon.co...DR2 667 desktop

but your PC will only take 2 GB max so I don't know if it's worth it. Hunt around and see if you can find a good deal on 2 x 512 MB so you can replace the two 256 MB and max out the RAM. Perhaps on eBay or at your local PC store. They may have some they have pulled.


Could you run Process Explorer again? This time be sure to click on the CPU column header (usually it takes two clicks) so that it sorts things with the biggest CPU users at the top (usually System Idle will be the top user.)

Let's also run

Download, Save and Run (Win 7 or Vista => Right click and Run as Admin.) Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#5
USAFA74F15

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Ron,

Finally got around to working on this issue again; work has been a killer lately. Like everyone else, if I hear "U must do more with less" one more time at work I'm going to puke. Working for the government can be personally rewarding but it was the government that got us into this "situation" to begin with. Oh well, just another day in paradise...right?? LOL... At any rate......

OK, did a couple of things you suggested.
1) Eliminated McAfee and downloaded Avast. For some reason, I cannot locate Microsoft Security Essentials anywhere on my PC when I do a search. Will upgrade to AvastPro later in the week.
2) Cleaned inside my CPU; U were right...pretty dirty....temperature drop showed up on Speccy....haven't upgraded memory yet----payday this Friday will resolve that issue.
Still need to work thru the other minor issues you indicated, but the disk check did reveal some problems which were "apparently resolved" when all was said and done.

Attaching Speccy report, and pasting other notes as requested. Now.."Oh Wise One" I bow again to your generous wisdom/guidance. Many thanks to you again, my friend, for your time and patience. Now maybe I can catch some sleep before my shift begins in about 4 hours.

Regards, Bruce ("Birdman")

Attached File: Speccy Report 080413 wo SN.txt (541.1KB)

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 04/08/2013 10:05:39 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/08/2013 2:48:17 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PxHelp20

Log: 'System' Date/Time: 05/08/2013 2:48:17 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 05/08/2013 2:48:17 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 05/08/2013 2:48:17 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

Log: 'System' Date/Time: 05/08/2013 2:14:11 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 05/08/2013 2:14:11 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Log: 'System' Date/Time: 05/08/2013 2:02:16 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PxHelp20

Log: 'System' Date/Time: 05/08/2013 2:02:16 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 05/08/2013 2:02:16 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 05/08/2013 2:02:16 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 04/08/2013 10:07:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2013 2:59:55 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 16c0 Start Time: 01ce9187bb371adf Termination Time: 47

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2013 12:05:48 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1365476798-2678602475-2493244682-1001_Classes:
Process 1948 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 05/08/2013 12:05:45 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1365476798-2678602475-2493244682-1001:
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Microsoft\SystemCertificates\My
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Microsoft\SystemCertificates\CA
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Microsoft\SystemCertificates\Root
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Policies\Microsoft\SystemCertificates
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Policies\Microsoft\SystemCertificates
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Policies\Microsoft\SystemCertificates
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Policies\Microsoft\SystemCertificates
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Microsoft\SystemCertificates\trust
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001\Software\Microsoft\SystemCertificates\TrustedPeople


# AdwCleaner v2.306 - Logfile created 08/04/2013 at 22:12:21
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : BRUCE - BRUCE-PC
# Boot Mode : Normal
# Running from : C:\Users\BRUCE\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\APN

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\S

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\EVERYDAY USE\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"session":{"urls_to_restore_on_startup":["hxxp://www.google.com/"]}},"browser":{"check_de[...]

*************************

AdwCleaner[S1].txt - [9474 octets] - [27/07/2013 15:45:20]
AdwCleaner[S2].txt - [1341 octets] - [28/07/2013 13:46:32]
AdwCleaner[S3].txt - [1157 octets] - [04/08/2013 22:12:21]

########## EOF - C:\AdwCleaner[S3].txt - [1217 octets] ##########


Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 96.15 0 K 24 K 0
procexp.exe 2.31 25,596 K 35,996 K 3516 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
svchost.exe 0.77 485,352 K 482,852 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
pcServiceHost.exe 0.77 8,324 K 9,056 K 2728 mcci+McciServiceHost Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
System < 0.01 0 K 1,036 K 4
psia.exe < 0.01 14,520 K 18,456 K 2840 Secunia PSI Agent Secunia (Verified) Secunia
pcTrayApp.exe < 0.01 5,056 K 5,460 K 2756 mcci+McciTrayApp Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
explorer.exe < 0.01 30,308 K 33,336 K 3700 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
taskmgr.exe < 0.01 2,652 K 6,164 K 5124 Windows Task Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
lsass.exe < 0.01 3,560 K 3,272 K 804 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
node.exe < 0.01 23,476 K 16,288 K 2420 Evented I/O for V8 JavaScript Joyent, Inc (No signature was present in the subject) Joyent, Inc
ExpressTray.exe < 0.01 55,864 K 39,436 K 2216 Express Tray Garmin Ltd or its subsidiaries (Verified) Garmin International
spoolsv.exe < 0.01 6,456 K 6,100 K 1976 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 14,652 K 9,696 K 716 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SmartDefrag.exe < 0.01 18,668 K 5,652 K 2820 Smart Defrag v2 IObit (Verified) IObit Information Technology
AvastSvc.exe < 0.01 33,972 K 2,088 K 1828 avast! Service AVAST Software (Verified) AVAST Software
MAHostService.exe < 0.01 1,608 K 2,628 K 2252 MAHostService Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
services.exe < 0.01 3,224 K 4,728 K 748 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 6,512 K 6,376 K 1492 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wmpnetwk.exe < 0.01 4,480 K 7,024 K 2688 Windows Media Player Network Sharing Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
csrss.exe < 0.01 1,792 K 3,024 K 636 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
AvastUI.exe < 0.01 12,692 K 4,168 K 3660 avast! Antivirus AVAST Software (Verified) AVAST Software
SearchIndexer.exe < 0.01 40,488 K 11,312 K 3268 Microsoft Windows Search Indexer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 16,568 K 10,076 K 1704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe < 0.01 9,072 K 19,072 K 5588 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
HPHC_Service.exe < 0.01 12,836 K 9,800 K 1364 HP Health Check Service Hewlett-Packard (Verified) Hewlett-Packard
Garmin.Cartography.MapUpdate.CoreService.exe < 0.01 28,660 K 22,968 K 2460 Garmin Core Update Service Garmin Ltd or its subsidiaries (Verified) Garmin International
lsm.exe < 0.01 2,320 K 3,080 K 812 Local Session Manager Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
AppleMobileDeviceService.exe < 0.01 4,156 K 5,756 K 2188 MobileDeviceService Apple Inc. (Verified) Apple Inc.
psi_tray.exe < 0.01 1,464 K 1,572 K 3016 Secunia PSI Tray Secunia (Verified) Secunia
dwm.exe < 0.01 1,764 K 3,160 K 3608 Desktop Window Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
iexplore.exe < 0.01 47,704 K 81,212 K 3104 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
PMBVolumeWatcher.exe < 0.01 7,352 K 8,100 K 2944 Media Check Tool Sony Corporation (Verified) Sony Corporation
FlashUtil32_11_8_800_94_ActiveX.exe < 0.01 4,044 K 5,612 K 5408 Adobe® Flash® Player Installer/Uninstaller 11.8 r800 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
svchost.exe < 0.01 13,876 K 8,524 K 1228 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 64,728 K 63,068 K 1276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 3,976 K 4,644 K 1048 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wfcrun32.exe < 0.01 3,836 K 7,164 K 320 Citrix Citrix Systems, Inc. (Verified) Citrix Systems
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
XAudio.exe 1,044 K 1,060 K 3360 Modem Audio Service Conexant Systems, Inc. (No signature was present in the subject) Conexant Systems, Inc.
WPFFontCache_v0400.exe 2,056 K 7,872 K 5228 wpffontcache_v0400.exe Microsoft Corporation (Verified) Microsoft Corporation
wmpnscfg.exe 1,964 K 3,748 K 936 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5,660 K 8,872 K 4988 WMI Provider Host Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe 3,272 K 5,116 K 1536 WMI Provider Host Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WLIDSVCM.EXE 1,156 K 1,408 K 3308 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WLIDSVC.EXE 6,756 K 6,248 K 3228 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 2,108 K 2,920 K 776 Windows Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wininit.exe 1,244 K 1,652 K 704 Windows Start-Up Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
TrustedInstaller.exe 9,740 K 12,976 K 5776 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
ToolbarUpdater.exe 2,572 K 1,808 K 2972 ToolbarU Application AVG Secure Search (Verified) AVG Technologies
taskeng.exe 9,508 K 7,128 K 4020 Task Scheduler Engine Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
taskeng.exe 1,764 K 3,056 K 1548 Task Scheduler Engine Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
taskeng.exe 2,220 K 3,456 K 3728 Task Scheduler Engine Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 35,352 K 25,276 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,308 K 4,628 K 972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 13,360 K 7,444 K 2000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,128 K 2,736 K 1424 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 4,040 K 7,260 K 3260 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 2,404 K 2,976 K 2808 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 4,564 K 3,468 K 2908 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,324 K 1,896 K 3204 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,948 K 76,768 K 5304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sua.exe 1,380 K 2,124 K 3580 Secunia Update Agent Secunia (Verified) Secunia
ssonsvr.exe 1,584 K 2,108 K 3068 Citrix Pass-through Authentication Citrix Systems, Inc. (Verified) Citrix Systems
smss.exe 288 K 440 K 504 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SLsvc.exe 5,888 K 2,036 K 1444 Microsoft Software Licensing Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
RtkAudioService.exe 2,576 K 2,156 K 1640 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtHDVBg.exe 10,812 K 4,392 K 1680 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
PMBDeviceInfoProvider.exe 1,576 K 1,844 K 2796 Device Information Provider Sony Corporation (Verified) Sony Corporation
pcCMService.exe 2,876 K 3,144 K 2680 mcci+McciCMService Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
msiexec.exe 3,440 K 7,644 K 4220 Windows® installer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
mDNSResponder.exe 1,656 K 2,200 K 2268 Bonjour Service Apple Inc. (Verified) Apple Inc.
LSSrvc.exe 1,372 K 1,680 K 2604 LightScribe Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
IPROSetMonitor.exe 1,188 K 1,296 K 2540 Intel® PROSet Monitoring Service Intel Corporation (Verified) Intel Corporation
IAANTmon.exe 3,284 K 3,316 K 2508 RAID Monitor Intel Corporation (Verified) Intel Corporation
hpwuschd2.exe 1,188 K 1,540 K 2588 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
GoogleCrashHandler.exe 2,704 K 384 K 3044 Google Crash Handler Google Inc. (Verified) Google Inc
DQLWinService.exe 1,216 K 1,192 K 2392 DQLWinSe Application (No signature was present in the subject)
dllhost.exe 1,412 K 4,044 K 3820 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
concentr.exe 1,944 K 3,332 K 1040 Citrix online plug-in Connection Center Citrix Systems, Inc. (Verified) Citrix Systems
audiodg.exe 16,640 K 11,984 K 1400 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 2,364 K 1,620 K 2168 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

Farbar Service Scanner Version: 04-08-2013
Ran by BRUCE (administrator) on 04-08-2013 at 23:33:57
Running from "C:\Users\BRUCE\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
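The VEW reports in the post above repeat the same Service Control Manager errors at 2:02:16 and 2:48:17. As an added example (not part of the thread and not VEW's own code), this Python script parses a pasted VEW report and lists the services or drivers that fail at more than one start-up time. The sample text is constructed, and treating each distinct timestamp as a separate start-up is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)\s*$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+?)\s*$")

# Message patterns for the Service Control Manager events discussed in the thread.
SUBJECT = {
    7000: re.compile(r"^The (.+?) service failed to start"),
    7009: re.compile(r"while waiting for the (.+?) service to connect"),
    7026: re.compile(r"failed to load:\s*(.+)$", re.S),
}

def parse_vew(text):
    """Split a pasted VEW report into records; a message may span several lines."""
    records, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            # VEW prints dates as dd/mm/yyyy (its report header says so).
            cur = {"log": m["log"],
                   "time": datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p"),
                   "type": None, "event": None, "source": None, "message": []}
            records.append(cur)
        elif line.startswith("~") or re.match(r"^'.+' Log - ", line):
            cur = None  # section banner: what follows is not part of a message
        elif cur is None:
            continue    # report preamble or text between sections
        elif cur["type"] is None and (m := TYPE.match(line)):
            cur["type"] = m["type"]
        elif cur["event"] is None and (m := EVENT.match(line)):
            cur["event"], cur["source"] = int(m["id"]), m["src"]
        elif line.strip():
            cur["message"].append(line.strip())
    for r in records:
        r["message"] = "\n".join(r["message"])
    return records

def subject(rec):
    """Name the service or driver a record is about; fall back to the event source."""
    pat = SUBJECT.get(rec["event"])
    m = pat.search(rec["message"]) if pat else None
    return " ".join(m.group(1).split()) if m else (rec["source"] or "unknown")

def recurring_failures(records, min_starts=2):
    """Error subjects seen at >= min_starts distinct timestamps, most frequent first."""
    seen = defaultdict(lambda: {"events": set(), "times": set()})
    for r in records:
        if r["type"] == "Error" and r["event"] is not None:
            entry = seen[subject(r)]
            entry["events"].add(r["event"])
            entry["times"].add(r["time"])
    rows = [(name, sorted(v["events"]), len(v["times"]))
            for name, v in seen.items() if len(v["times"]) >= min_starts]
    return sorted(rows, key=lambda row: (-row[2], row[0]))

def _rec(log, ts, typ, eid, src, msg):
    """Format one record in the four-part layout VEW uses."""
    return f"Log: '{log}' Date/Time: {ts}\nType: {typ} Category: 0\nEvent: {eid} Source: {src}\n{msg}\n"

SCM = "Service Control Manager"
SLOW = "The service did not respond to the start or control request in a timely fashion."
OFF = "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."
# Constructed sample in the layout of the VEW reports pasted in the thread.
SAMPLE = "\n".join([
    "Vino's Event Viewer v01c run on Windows Vista in English",
    "Note: All dates below are in the format dd/mm/yyyy",
    "~~~~~~~~~~", "'System' Log - Error Type", "~~~~~~~~~~",
    _rec("System", "05/08/2013 2:48:17 AM", "Error", 7026, SCM, "The following boot-start or system-start driver(s) failed to load: PxHelp20"),
    _rec("System", "05/08/2013 2:48:17 AM", "Error", 7000, SCM, f"The Parallel port driver service failed to start due to the following error: {OFF}"),
    _rec("System", "05/08/2013 2:48:17 AM", "Error", 7000, SCM, f"The Microsoft Antimalware Service service failed to start due to the following error: {SLOW}"),
    _rec("System", "05/08/2013 2:14:11 AM", "Error", 7000, SCM, f"The Windows Media Player Network Sharing Service service failed to start due to the following error: {SLOW}"),
    _rec("System", "05/08/2013 2:02:16 AM", "Error", 7026, SCM, "The following boot-start or system-start driver(s) failed to load: PxHelp20"),
    _rec("System", "05/08/2013 2:02:16 AM", "Error", 7000, SCM, f"The Parallel port driver service failed to start due to the following error: {OFF}"),
    _rec("System", "05/08/2013 2:02:16 AM", "Error", 7009, SCM, "A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect."),
    "~~~~~~~~~~", "'Application' Log - Warning Type", "~~~~~~~~~~",
    _rec("Application", "05/08/2013 12:05:48 AM", "Warning", 1530, "Microsoft-Windows-User Profiles Service",
         "Windows detected your registry file is still in use by other applications or services.\n"
         "Process 1948 (spoolsv.exe) has opened key (constructed, abridged)"),
])

if __name__ == "__main__":
    for name, events, starts in recurring_failures(parse_vew(SAMPLE)):
        print(f"{name}: events {events} at {starts} start-up times")
```

An entry that shows up at every start-up time is a standing configuration problem (a leftover driver or a half-removed product) rather than a one-off fault, which is how the errors are triaged in this thread.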

#6
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
See if http://support.micro....com/kb/2435760 helps remove MSE.

No need to go with Avast Pro. The free Avast is fine. If you want a better firewall just add the free Online Armor

http://www.online-ar...-armor-free.php

You can uninstall Speccy. We don't need it now.



Let's look at the errors as these slow your boot:

Log: 'System' Date/Time: 05/08/2013 2:48:17 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PxHelp20


PxHelp20.sys is a driver that implements the Sonic Solutions CD burning engine, which is used by Roxio CD burning software (Roxio is owned by Sonic). So apparently Roxio is not happy. Uninstall and reinstall. Or you can just turn off the driver.

Right click on My Computer and select Manage then Device Manager. View, Show Hidden Devices. Find PxHelp20 (probably has a yellow mark next to it) and right click and Disable. While in Device Manager look for Parallel port driver too and do the same. That will take care of the next one:

Log: 'System' Date/Time: 05/08/2013 2:48:17 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Log: 'System' Date/Time: 05/08/2013 2:48:17 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

This should be part of MSE so removing MSE should fix it but if not you can Start, Run, Services.msc, OK and then find the Microsoft Antimalware Service and right click on it and select Properties. Change the Startup Type: to Disabled. Do the same for Windows Media Player Network Sharing Service and that should fix the next error.


Log: 'System' Date/Time: 05/08/2013 2:14:11 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.


Log: 'Application' Date/Time: 05/08/2013 12:05:45 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1365476798-2678602475-2493244682-1001:
Process 2956 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001...


This is a common error from Windows Live. I have no use for the program and refuse to have it on my PC but if you must have it I would uninstall it and download the latest and install that. See if that stops these errors.

Log: 'Application' Date/Time: 05/08/2013 12:05:48 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1365476798-2678602475-2493244682-1001_Classes:
Process 1948 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1365476798-2678602475-2493244682-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


See if you can submit c:\WINDOWS\System32\spoolsv.exe to virustotal.com and see what they say about it.
This is the print spooler program. It should be from Windows and you would think they would follow their own rules but I do see this alarm a lot.

Let's remove some dead virus drivers and some dead links:

Copy the text in the code box by highlighting and Ctrl + c

:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wzpsizsq.sys -- (wzpsizsq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\veswwxxj.sys -- (veswwxxj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\unugthvf.sys -- (unugthvf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\tdnfehvc.sys -- (tdnfehvc)
DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pjubrhyx.sys -- (pjubrhyx)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\owyrxwoz.sys -- (owyrxwoz)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nmrsgymi.sys -- (nmrsgymi)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\mlokiizn.sys -- (mlokiizn)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jdbelzad.sys -- (jdbelzad)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\frctpota.sys -- (frctpota)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20130306015620.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6EDC3889-B841-4127-A2BF-C5FC48F972C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Value error.)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec....sa/LSSupCtl.cab (Reg Error: Value error.)
O16 - DPF: {22055A00-27C0-438B-BF53-44E973A4C48A} http://www.thesecret.../vivid_ocx.jpeg (Reg Error: Value error.)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (Reg Error: Value error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (Reg Error: Value error.)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (Reg Error: Value error.)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Reg Error: Value error.)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....sa/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driver...driveragent.cab (Reg Error: Value error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\08052013-some number.log so look there if you don't see it.

Then



Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
spoolsv.exe
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#7
USAFA74F15

Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wzpsizsq.sys -- (wzpsizsq)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\veswwxxj.sys -- (veswwxxj)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\unugthvf.sys -- (unugthvf)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\tdnfehvc.sys -- (tdnfehvc)DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pjubrhyx.sys -- (pjubrhyx)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\owyrxwoz.sys -- (owyrxwoz)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nmrsgymi.sys -- (nmrsgymi)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\mlokiizn.sys -- (mlokiizn)DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)DRV - File not found [Kernel | System > in the current context!
Error: Unable to interpret <| Stopped] -- C:\Windows\system32\drivers\jdbelzad.sys -- (jdbelzad)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\frctpota.sys -- (frctpota)O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20130306015620.dll (McAfee, Inc.)O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (AVG Security Toolba> in the current context!
Error: Unable to interpret <r) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6EDC3889-B841-4127-A2BF-C5FC48F972C7} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Value error.)O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec....sa/L> in the current context!
Error: Unable to interpret <SSupCtl.cab (Reg Error: Value error.)O16 - DPF: {22055A00-27C0-438B-BF53-44E973A4C48A} http://www.thesecret.../vivid_ocx.jpeg (Reg Error: Value error.)O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (Reg Error: Value error.)O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (Reg Error: Value error.)O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (Reg Error: Value error.)O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Reg Error: Value error.)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Reg Error: Value error.)O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....sa/SymAData.cab (ActiveDataInfo Class)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/> in the current context!
Error: Unable to interpret <1.6/gp.cab (Reg Error: Value error.)O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driver...driveragent.cab (Reg Error: Value error.)O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wzpsizsq.sys -- (wzpsizsq)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\veswwxxj.sys -- (veswwxxj)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\unugthvf.sys -- (unugthvf)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\tdnfehvc.sys -- (tdnfehvc)DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pjubrhyx.sys -- (pjubrhyx)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\owyrxwoz.sys -- (owyrxwoz)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\syste> in the current context!
Error: Unable to interpret <m32\drivers\nmrsgymi.sys -- (nmrsgymi)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\mlokiizn.sys -- (mlokiizn)DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jdbelzad.sys -- (jdbelzad)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\frctpota.sys -- (frctpota)O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20130306015620.dll (McAfee, Inc.)O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced System> in the current context!
Error: Unable to interpret <Care 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6EDC3889-B841-4127-A2BF-C5FC48F972C7} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()O4 - HKCU..\Run: [Advanced SystemCare 6] C:\P> in the current context!
Error: Unable to interpret <rogram Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Value error.)O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec....sa/LSSupCtl.cab (Reg Error: Value error.)O16 - DPF: {22055A00-27C0-438B-BF53-44E973A4C48A} http://www.thesecret.../vivid_ocx.jpeg (Reg Error: Value error.)O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (Reg Error: Value error.)O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (Reg Error: Value error.)O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (Reg Error: Value error.)O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Reg Error: Value error.)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} ht> in the current context!
Error: Unable to interpret <tp://support.micro...gWebControl.cab (Reg Error: Value error.)O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....sa/SymAData.cab (ActiveDataInfo Class)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driver...driveragent.cab (Reg Error: Value error.)O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 08052013_045512


OTL Extras logfile created on: 05/08/2013 5:04:00 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BRUCE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.49 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 46.11% Memory free
3.23 Gb Paging File | 1.89 Gb Available in Paging File | 58.43% Paging File free
Paging file location(s): c:\pagefile.sys 1825 2287 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.41 Gb Total Space | 157.09 Gb Free Space | 54.09% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 0.86 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive F: | 4.20 Gb Total Space | 4.20 Gb Free Space | 100.00% Space Free | Partition Type: UDF
Drive L: | 298.02 Gb Total Space | 151.58 Gb Free Space | 50.86% Space Free | Partition Type: FAT32

Computer Name: BRUCE-PC | User Name: BRUCE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = PDFlite.Document] -- C:\Program Files\PDFlite\pdflite.exe (Amnis Technology Ltd.)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- Reg Error: Value error. File not found
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Value error.
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1365476798-2678602475-2493244682-1001]
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D55D0-A051-41CA-AFA7-E2AA181EB090}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{1D455B8E-2327-4B27-A94B-716CF75AF955}" = rport=445 | protocol=6 | dir=out | app=system |
"{3431464B-AC15-4E9B-B70E-4D8EBAC8D9A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A2AF195-F42A-4149-8CB8-41BF4B70349E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7B1C17CC-FB31-4150-9185-DC5E59A30F97}" = rport=137 | protocol=17 | dir=out | app=system |
"{808677CF-BC48-4F89-B45A-7BDEEC5F2E92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9030472C-6AE0-4117-9900-6E5C92C59E9B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{929FA9DD-7307-4C5B-BD2B-98877C2D0EB2}" = rport=139 | protocol=6 | dir=out | app=system |
"{96DA79D5-A1C2-4464-90ED-0E49549BDCBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{B0F8AECA-4261-46D4-89ED-0D772C73ED56}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{CE449A07-807C-4480-A173-A3164F49A913}" = lport=137 | protocol=17 | dir=in | app=system |
"{E36213D9-9D1E-4B36-817F-AEF22BED4185}" = lport=139 | protocol=6 | dir=in | app=system |
"{F438FDB8-58FC-424F-8DAD-E11F1B656A40}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F8D5A5D1-297F-48FE-BE58-CE5B9969B811}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A1C348-604E-4E4C-882B-F00708344CAE}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{0F764DC7-CE68-431F-AEE6-26BE0DA55F7A}" = protocol=1 | dir=in | [email protected],-28543 |
"{1A692177-84A7-4660-8744-EB73F96D6594}" = protocol=1 | dir=out | [email protected],-28544 |
"{1F7715FC-41B3-4F1E-8C1A-0B07C9E5FCC0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20540AB0-07BC-4F07-8AFE-D27961CCAC4C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{231A457D-B7BE-43EE-9394-31C3194F0F00}" = protocol=58 | dir=out | [email protected],-28546 |
"{297EAB7F-4DAE-438B-B363-3A9382200BAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A81D1D8-E691-45FC-91AB-1721197BC027}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{52773B10-0B29-4760-8505-8F6B65C307F7}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{5AE177EF-D4B5-4EE7-BF30-A16009102739}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5C982842-A765-4730-B10B-936F7275F43D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{652FED3A-8ED6-4995-A7C5-D54BF3BE6E3F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{72CBE6B6-7B22-44EF-84A2-65B7ABF72FBA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7B732582-7C26-4063-9088-328D54738BDB}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{7D1594C6-0FBC-49C3-88AB-65D6DC024D22}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7E7A2C81-3C19-4308-9428-C9073783539D}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{809D75E9-686A-47DD-9E6F-A14291B68CAD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8DD5F739-F4B6-4B23-AC2F-B4B50426DBBF}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{948963F9-E10E-4411-841F-A1792C929CF3}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{96984CA8-08DA-4BDC-A055-757F88DE66F1}" = protocol=58 | dir=in | [email protected],-28545 |
"{A1368B6F-3B71-49D3-83DD-D0C2A10E6B2D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6BB2138-ABAD-40AD-98CF-615A4034791E}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{AC0CF4AD-B67E-439F-AC18-C48D7CBE65F3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B93D4898-60B1-4D37-86C7-241C8FBECA90}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{BB8E2CDC-DCDD-4205-B74B-2F09BAB9FC1E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C00E1733-5AED-493E-807F-0E5FDB2AA9BD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{C334FBD5-BBCE-435A-B101-A14FAC9D52F7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C63A27AA-C908-4C52-8EE1-12EEC07A37F1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{C679CD3F-CAFB-405E-B498-DA4CC0BFD2A7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DC9B7E55-CBFC-4D88-BB79-E559ED138BA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DDB05638-F772-4846-9845-D986A5034602}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DFC35F56-A0CD-4092-8468-F26C37325CDA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E03A6CD0-455C-4B7B-ACFE-3DB0C1FA6A4D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}" = PlayMemories Home
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7319A9-083D-40B3-8256-00A6F3C2AAA2}" = Citrix online plug-in (SSON)
"{117F771F-EA62-437B-AA3C-65F77B1E4C63}" = AT&T Quick Fix Client
"{133236FE-E2F7-4313-8BF8-A10ACAAA7CB9}" = Citrix online plug-in (USB)
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26DE7BAD-453E-4C96-979F-1C288ECAA159}" = Intel® Network Connections 16.7.166.0
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{29622F4A-245C-4126-8764-897E21E888D1}" = Google Earth Pro
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FC7287D-39DD-4A84-9806-D27D3CCDC51B}" = Citrix online plug-in (Web)
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4CFE23CC-779D-4572-A76F-AB60A958BC79}" = Adobe Flash Player 11 ActiveX
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57287FDF-27E6-45BC-9DD2-A33545C46C1A}" = Citrix online plug-in (HDX)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.2
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6F2FDD50-E0F3-4117-B575-78E77F8D11EF}" = Citrix online plug-in (DV)
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77CA976C-403C-47E2-940B-733ECAB6F62B}" = muvee autoProducer 5.0
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{913778D3-E1D8-4B55-9246-3308C54D3162}" = Citrix online plug-in (PNA)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5C92C15-F625-41E6-9646-245FA011E3DB}" = SlimComputer
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E1D00057-82F0-4EA1-91C2-270682EB9C98}" = SlimDrivers
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3885DDF-E711-4F14-B4C9-5CA3F07A13E9}" = PCsync
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"ATT-ATT Management Agent" = ATT Management Agent
"ATT-HSI" = ATT-HSI
"ATT-SST" = AT&T Troubleshoot & Resolve Tool
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.3
"CitrixOnlinePluginFull" = Citrix online plug-in
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"FileHippo.com" = FileHippo.com Update Checker
"Free Window Registry Repair" = Free Window Registry Repair
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Intel® Configuration Center" = Intel® Viiv™ Software
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PDFlite" = PDFlite 0.9.0.0
"PROSetDX" = Intel® Network Connections 16.7.166.0
"RealPlayer 16.0" = RealPlayer
"Recuva" = Recuva
"Secunia PSI" = Secunia PSI (3.0.0.7011)
"Smart Defrag 2_is1" = Smart Defrag 2
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/08/2013 10:59:55 PM | Computer Name = BRUCE-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 16c0 Start Time: 01ce9187bb371adf Termination Time: 47

Error - 04/08/2013 11:26:55 PM | Computer Name = BRUCE-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1628 Start Time: 01ce918b0ea351cf Termination Time: 187

Error - 04/08/2013 11:39:14 PM | Computer Name = BRUCE-PC | Source = Perflib | ID = 1010
Description =

Error - 05/08/2013 5:19:58 AM | Computer Name = BRUCE-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 05/08/2013 5:33:37 AM | Computer Name = BRUCE-PC | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.1.522.0, time stamp 0x505124fc,
faulting module mpclient.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x4198, application start time
0x01ce91bedbd79b0f.

Error - 05/08/2013 5:39:37 AM | Computer Name = BRUCE-PC | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.1.522.0, time stamp 0x505124fc,
faulting module mpclient.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x5fec, application start time
0x01ce91bfb30f202f.

[ IntelDH Events ]
Error - 04/07/2011 7:58:43 PM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 04/07/2011 7:58:43 PM | Computer Name = BRUCE-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 10/11/2011 6:29:40 AM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 10/11/2011 6:29:40 AM | Computer Name = BRUCE-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 09/05/2012 10:16:47 PM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 09/05/2012 10:16:47 PM | Computer Name = BRUCE-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 10/05/2012 5:51:08 AM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

[ Media Center Events ]
Error - 20/05/2012 10:30:01 PM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 21/05/2012 12:08:47 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 21/05/2012 1:54:30 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 21/05/2012 8:40:05 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 23/05/2012 5:32:07 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 23/05/2012 7:18:04 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 27/06/2013 12:10:23 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 171
seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/07/2013 3:58:01 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 424
seconds with 360 seconds of active time. This session ended with a crash.

Error - 11/07/2013 6:55:51 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 75
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/07/2013 8:41:31 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 289
seconds with 240 seconds of active time. This session ended with a crash.

Error - 17/07/2013 9:07:12 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1527
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 22/07/2013 8:32:17 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 210
seconds with 60 seconds of active time. This session ended with a crash.

Error - 22/07/2013 10:57:16 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7578
seconds with 7140 seconds of active time. This session ended with a crash.

Error - 25/07/2013 12:16:40 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 66
seconds with 60 seconds of active time. This session ended with a crash.

Error - 28/07/2013 11:05:51 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/08/2013 3:07:43 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1097
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/08/2013 11:19:59 PM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/08/2013 11:19:59 PM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/08/2013 11:20:00 PM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04/08/2013 11:26:06 PM | Computer Name = BRUCE-PC | Source = DCOM | ID = 10010
Description =

Error - 04/08/2013 11:26:33 PM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 05/08/2013 1:40:16 AM | Computer Name = BRUCE-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 05/08/2013 5:33:43 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 05/08/2013 5:33:43 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/08/2013 5:39:41 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 05/08/2013 5:39:41 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#8
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Something did not work. Looks like something is eating the Enters and running everything together. I'm going to try attaching the fix so I don't have to worry about the forum software or your browser.

Download and save and open the attached RunFix.txt file.

Copy all of the text from Notepad with Ctrl + A, then Ctrl + C. Now start OTL by right-clicking it and choosing Run As Admin. Move to the Custom Scan/Fix box, click in it, then press Ctrl + V. The text should appear. Make sure you have it all, especially the :OTL at the beginning. Now press the RUN FIX button and let it run. Make sure you press Run Fix. Do not press Run Scan or Quickscan.

#9
USAFA74F15

    New Member

  • Topic Starter
  • Member
  • 8 posts
Let's try this.

Bruce


OTL logfile created on: 09/08/2013 12:29:02 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BRUCE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.49 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 39.09% Memory free
3.23 Gb Paging File | 1.99 Gb Available in Paging File | 61.57% Paging File free
Paging file location(s): c:\pagefile.sys 1825 2287 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.41 Gb Total Space | 172.61 Gb Free Space | 59.44% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 0.87 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
Drive L: | 298.02 Gb Total Space | 151.57 Gb Free Space | 50.86% Space Free | Partition Type: FAT32

Computer Name: BRUCE-PC | User Name: BRUCE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/27 13:33:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BRUCE\Downloads\OTL.exe
PRC - [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/07/18 00:36:56 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/03 15:00:44 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files\ATT\8.3.1.7\ma\bin\node.exe
PRC - [2013/07/03 15:00:44 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2013/06/30 10:31:02 | 001,888,576 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2013/06/26 09:22:49 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/05/07 10:57:52 | 001,984,000 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\pcTrayApp.exe
PRC - [2013/05/07 10:54:54 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2013/05/07 10:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcServiceHost.exe
PRC - [2013/04/24 05:30:28 | 000,483,864 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2013/04/24 05:26:56 | 000,740,888 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/08 16:30:12 | 000,957,512 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2013/02/19 21:10:16 | 000,203,848 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2012/03/28 02:28:44 | 000,735,168 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/03/28 02:27:06 | 000,309,184 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2011/09/26 18:15:36 | 000,117,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\IPROSetMonitor.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/03 23:19:57 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\3e35e75d6bb050d75c95df764b607afe\System.WorkflowServices.ni.dll
MOD - [2013/08/03 23:18:09 | 001,087,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e53c51f2db178f4635682598a38ad9f4\System.ServiceModel.Web.ni.dll
MOD - [2013/07/29 07:37:13 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c24b36ceb832eabefe020b7453994a87\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/29 07:37:11 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4e250337cd18240b68997db97a661701\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/29 07:37:09 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\aab5ffcd3df45c984400184a9a041a8f\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/29 07:36:43 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fd6ee30e73a33e86f4da7180a38feec7\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/29 07:36:38 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll
MOD - [2013/07/29 07:36:35 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll
MOD - [2013/07/29 07:33:10 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/29 07:33:07 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/29 07:33:05 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll
MOD - [2013/07/29 07:33:04 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/29 07:33:00 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ac41c2666bb4e3dee06bc72eb45c765d\System.Xml.Linq.ni.dll
MOD - [2013/07/29 07:32:10 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/29 02:41:49 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll
MOD - [2013/07/29 02:41:19 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll
MOD - [2013/07/29 02:41:06 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/29 02:40:55 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll
MOD - [2013/07/29 02:40:49 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/29 02:39:00 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll
MOD - [2013/07/29 02:38:44 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/29 02:38:36 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/29 02:38:31 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/29 02:38:14 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/29 02:37:59 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/24 19:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 19:49:45 | 013,599,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013/07/24 19:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 19:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/06/08 18:14:16 | 000,048,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Unavailable | Unknown] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - File not found [Unavailable | Unknown] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013/07/20 01:19:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 15:00:44 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/06/26 09:22:49 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/05/07 10:54:54 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2013/05/07 10:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2013/04/24 05:30:28 | 000,483,864 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Stopped] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/02/19 21:10:16 | 000,203,848 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2013/02/19 14:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Unavailable | Unknown] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/09/26 18:15:36 | 000,117,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPROSetMonitor.exe -- (Intel®
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - [2013/07/29 01:09:58 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/07/29 01:09:58 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/07/29 01:09:58 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/07/27 16:00:59 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/07/03 03:32:42 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2013/06/26 09:22:50 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/05/22 18:49:32 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013/05/09 03:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 03:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 03:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/05/09 03:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 03:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 03:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 03:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/05/09 03:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/13 13:01:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2013/02/19 14:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/02/19 14:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 14:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/03/19 09:18:46 | 000,064,800 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/02 15:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 15:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [1999/12/31 19:00:00 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{09D7EC1D-6FDC-4B5F-A20F-68F6F7A297A5}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{354CB769-8CC6-4415-AFE8-D464FAA80346}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKLM\..\SearchScopes\{45D28774-DBC0-449D-8168-FE1C2E29AD9A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {6edc3889-b841-4127-a2bf-c5fc48f972c7} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CDD78D09-C4B0-44D4-84EF-A93F498B398D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CDD78D09-C4B0-44D4-84EF-A93F498B398D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F8630420-07C2-4D58-9C40-1E113049B3DE}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/11/05 20:22:38 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Simon Bünzli)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext


========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Motive Plug-in (Enabled) = C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll
CHR - plugin: Motive Management Plug-in (Enabled) = C:\Program Files\Common Files\Motive\npMotiveRequest.dll
CHR - plugin: Consona SmartIssue Plugin (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll
CHR - plugin: Consona Script Runner Plugin for Firefox (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: SumatraPDF Browser Plugin (Enabled) = C:\Program Files\PDFlite\npPdfViewer.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Motive Extension = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.1_0\
CHR - Extension: avast! Ad Blocker = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: poha.com ([exchange] https in Trusted sites)
O15 - HKCU\..Trusted Domains: taxnotebook.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1735FE75-10B7-4896-91FA-5E0551B9DDE9}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BRUCE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\BRUCE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/21 18:15:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2a5e7693-a966-11df-a181-001a92b6890f}\Shell - "" = AutoRun
O33 - MountPoints2\{2a5e7693-a966-11df-a181-001a92b6890f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e1f1afc7-c375-11de-8a1a-001a92b6890f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe - (Nikon Corporation)
MsConfig - StartUpFolder: C:^Users^BRUCE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - c:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - c:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\KbdStub.exe ()
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - File not found
MsConfig - StartUpReg: SBC_McciTrayApp - hkey= - key= - C:\Program Files\SBC\update\SST.exe (Motive Communications, Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - File not found
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivXNetworks, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/08 23:49:23 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/08/08 23:49:16 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/08/08 23:49:16 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/08/08 23:49:16 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/08/08 22:24:43 | 000,204,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/08/08 22:24:43 | 000,104,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/08/08 22:24:42 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/08/08 22:24:34 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/08/08 22:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/08/05 04:55:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/05 00:24:53 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\PC Tools
[2013/08/05 00:23:05 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\ObamaCare Stuff
[2013/08/05 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\Risk Mgt Articles
[2013/08/05 00:11:29 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\GeeksToGo 080413
[2013/07/29 08:54:49 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2013/07/29 08:54:48 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013/07/29 08:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
[2013/07/29 01:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2013/07/29 01:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2013/07/29 01:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/07/29 01:18:08 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/07/29 01:16:56 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/07/29 01:16:56 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/07/29 01:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/07/29 01:16:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/07/29 01:12:38 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\The Weather Channel
[2013/07/29 01:09:53 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/07/29 01:09:52 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/07/29 01:09:51 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/07/29 01:09:50 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/07/29 01:09:48 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/07/29 01:09:42 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/07/29 01:09:42 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/07/29 01:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/07/29 01:08:21 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/07/28 22:07:41 | 000,172,416 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2013/07/28 16:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/07/28 15:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2013/07/24 08:21:30 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/07/20 18:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AT&T
[2013/07/20 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-SST
[2013/07/20 17:00:37 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\{6A7F261E-3225-4D98-B609-1C8DA4B8E763}
[2013/07/20 16:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/20 16:35:48 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\Oracle
[2013/07/20 04:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2013/07/20 04:30:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/07/20 00:59:52 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\Secunia PSI
[2013/07/19 22:31:55 | 000,029,528 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2013/07/19 18:24:01 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\{EF428126-1D9B-4E51-BA3D-B26892C36840}
[2013/07/18 01:05:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/18 01:05:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/18 01:05:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/18 01:05:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/18 01:05:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/18 01:05:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/18 01:05:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/18 01:05:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/18 00:54:01 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/18 00:53:01 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/18 00:53:00 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/18 00:53:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/18 00:52:59 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/18 00:52:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/18 00:52:58 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/18 00:52:58 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/18 00:52:58 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/18 00:46:01 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/18 00:45:57 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/17 21:55:06 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\SpeedyPC Software
[2013/07/17 21:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/07/12 20:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2013/07/12 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Documents\My Avast EasyPass Data
[2013/07/12 20:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/07/12 20:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/07/12 16:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013/07/12 16:00:03 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\ICAClient
[2013/07/12 16:00:03 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\Citrix
[2013/07/12 15:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013/07/12 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/07/12 00:50:11 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\Virus Scan
[2013/07/11 18:42:54 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\ElevatedDiagnostics
[2013/07/10 21:47:20 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Documents\Sony PMB
[2013/07/10 21:46:00 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\Sony Corporation
[2013/07/10 21:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013/07/10 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Documents\TX Unclaimed property
[2013/07/10 07:11:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2010/03/08 02:29:07 | 027,024,112 | ---- | C] (Microsoft Corporation) -- C:\Users\BRUCE\PowerPointViewer.exe

========== Files - Modified Within 30 Days ==========

[2013/08/09 00:20:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/08 23:58:41 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/08 23:55:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/08 23:49:01 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/08/08 23:48:58 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/08/08 23:48:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/08/08 23:48:57 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/08/08 23:48:57 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/08/08 23:48:57 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/08/08 23:42:48 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/08/08 23:42:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/08 23:41:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 23:41:55 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 23:41:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/08 23:41:40 | 1600,614,400 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/08 22:22:59 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/08/06 23:47:06 | 000,640,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/06 23:47:06 | 000,118,888 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/05 00:32:02 | 000,030,208 | ---- | M] () -- C:\Users\BRUCE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/04 22:14:32 | 000,000,345 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/04 03:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
[2013/07/29 08:53:25 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk
[2013/07/29 08:53:25 | 000,001,705 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home Help.lnk
[2013/07/29 03:32:47 | 000,000,616 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaToolsforWindowsSetup-1208 - Shortcut.lnk
[2013/07/29 03:29:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/07/29 03:29:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/07/29 01:22:01 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/29 01:18:09 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/07/29 01:16:56 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/07/29 01:16:56 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/07/29 01:16:39 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/07/29 01:09:58 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/07/29 01:09:58 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/07/29 01:09:58 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/07/29 01:09:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/28 16:04:44 | 000,000,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/07/27 16:00:59 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/07/27 00:04:56 | 166,937,013 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/24 22:29:05 | 000,000,905 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/24 21:49:44 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/07/24 21:38:32 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
[2013/07/23 00:40:51 | 000,302,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/20 16:49:28 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/20 04:53:41 | 000,002,026 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
[2013/07/20 03:35:23 | 000,005,892 | ---- | M] () -- C:\Users\BRUCE\AppData\Local\d3d9caps.dat
[2013/07/20 01:19:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/20 01:19:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/19 22:31:33 | 000,000,949 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2013/07/13 03:12:27 | 000,000,000 | ---- | M] () -- C:\search.sqlite

========== Files Created - No Company Name ==========

[2013/08/08 22:22:59 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/07/29 08:53:25 | 000,001,825 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
[2013/07/29 08:53:25 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk
[2013/07/29 08:53:25 | 000,001,705 | ---- | C] () -- C:\Users\Public\Desktop\PlayMemories Home Help.lnk
[2013/07/29 03:32:47 | 000,000,616 | ---- | C] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaToolsforWindowsSetup-1208 - Shortcut.lnk
[2013/07/29 03:29:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/07/29 03:29:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/07/29 01:22:01 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/29 01:09:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/29 01:09:47 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/07/29 01:09:47 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/07/28 16:04:44 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/07/28 16:04:44 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/07/27 15:45:56 | 000,000,345 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/27 00:04:56 | 166,937,013 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/07/24 21:49:44 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/07/20 18:23:58 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
[2013/07/20 04:53:41 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
[2013/07/20 04:01:35 | 1600,614,400 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/19 22:31:34 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2013/07/13 03:12:27 | 000,000,000 | ---- | C] () -- C:\search.sqlite
[2013/06/28 01:44:27 | 000,449,481 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/03/25 00:42:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2013/02/10 15:38:36 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/07/19 00:36:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012/01/30 14:48:42 | 000,005,892 | ---- | C] () -- C:\Users\BRUCE\AppData\Local\d3d9caps.dat
[2011/02/14 01:36:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/26 01:46:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Ambience
[2010/10/26 01:46:52 | 000,000,268 | -H-- | C] () -- C:\Users\BRUCE\AppData\Roaming\AccountTypes
[2010/10/26 00:02:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/03/14 13:43:55 | 000,000,088 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\usb.inf
[2007/07/25 16:06:10 | 000,031,802 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\UserTile.png
[2007/06/28 10:19:37 | 000,030,208 | ---- | C] () -- C:\Users\BRUCE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/05 09:54:26 | 000,000,314 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\wklnhst.dat
[2007/05/30 23:26:59 | 000,000,318 | ---- | C] () -- C:\Users\BRUCE\Public.lnk

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ST3320820AS
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD 3200JB External USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 290.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 311820364800
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/04/06 07:38:54 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Adobe
[2007/06/05 12:42:41 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\AdobeUM
[2012/11/14 08:10:03 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Apple Computer
[2008/07/09 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/20 04:42:06 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Download Manager
[2013/06/20 00:41:14 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\GARMIN
[2013/07/17 23:57:39 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\GlarySoft
[2007/09/07 01:59:38 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Google
[2007/06/05 16:35:04 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Hewlett-Packard
[2013/08/04 18:45:27 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\HpUpdate
[2013/07/20 04:45:47 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\ICAClient
[2007/05/30 23:26:51 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Identities
[2007/06/04 12:27:51 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\InstallShield
[2013/07/17 23:57:40 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\IObit
[2008/05/24 17:54:19 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Laplink
[2009/10/28 00:45:07 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Leadertech
[2007/05/30 23:21:56 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Macromedia
[2012/07/10 02:07:59 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Malwarebytes
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Media Center Programs
[2011/04/06 07:38:54 | 000,000,000 | --SD | M] -- C:\Users\BRUCE\AppData\Roaming\Microsoft
[2010/03/14 08:36:55 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Motive
[2008/02/18 20:05:31 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Mozilla
[2011/11/10 05:30:07 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\muvee Technologies
[2012/10/03 05:19:10 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Nico Mak Computing
[2011/11/10 09:04:37 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Nikon
[2013/07/20 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Oracle
[2013/01/04 12:49:15 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\PC Utility Kit
[2013/04/05 23:17:18 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\PDFlite
[2013/07/29 01:27:20 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Real
[2007/07/04 14:31:08 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Roxio
[2013/07/10 21:46:00 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Sony Corporation
[2013/07/17 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\SpeedyPC Software
[2007/06/05 09:54:30 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Template
[2011/03/10 02:54:54 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Tific
[2010/08/17 11:02:01 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\U3
[2013/07/29 00:20:39 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Uniblue
[2013/07/12 01:01:00 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Virus Scan
[2007/06/04 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\WinBatch
[2011/02/22 00:43:57 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Windows Live Writer
[2013/07/17 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\{A004037C-8B9A-4390-9074-1D3EEE0A3BDF}


< MD5 for: PNRPNSP.DLL >
[2008/01/19 02:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\WINDOWS\System32\pnrpnsp.dll
[2008/01/19 02:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\WINDOWS\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll
[2006/11/02 07:35:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=C0DC476E89558242848572F9ADE1D685 -- C:\WINDOWS\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6000.16386_none_6f4853b725898435\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/19 02:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 04:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SPOOLSV.EXE >
[2010/08/17 08:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=3665F79026A3F91FBCA63F2C65A09B19 -- C:\WINDOWS\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[2009/04/11 01:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\WINDOWS\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2008/01/19 02:33:32 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\WINDOWS\System32\spoolsv.exe
[2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\WINDOWS\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[2010/08/17 09:20:09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=AAE98B295E88D439A6E0F6E8929424FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[2006/11/02 04:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=DA612EF2556776DF2630B68BF2D48935 -- C:\WINDOWS\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe
[2010/08/17 08:27:48 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=E807FC542C295BA256CE3567829E02A6 -- C:\WINDOWS\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\WINDOWS\System32\winrnr.dll
[2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\WINDOWS\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 04:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\WINDOWS\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\WINDOWS\System32\wshelper.dll
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/29 23:58:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/29 23:58:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/29 23:58:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/05/28 21:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/05/28 21:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/29 23:58:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/29 23:58:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/29 23:58:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/05/28 21:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/05/28 21:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 09/08/2013 12:29:02 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BRUCE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.49 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 39.09% Memory free
3.23 Gb Paging File | 1.99 Gb Available in Paging File | 61.57% Paging File free
Paging file location(s): c:\pagefile.sys 1825 2287 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.41 Gb Total Space | 172.61 Gb Free Space | 59.44% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 0.87 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
Drive L: | 298.02 Gb Total Space | 151.57 Gb Free Space | 50.86% Space Free | Partition Type: FAT32

Computer Name: BRUCE-PC | User Name: BRUCE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = PDFlite.Document] -- C:\Program Files\PDFlite\pdflite.exe (Amnis Technology Ltd.)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- Reg Error: Value error. File not found
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Value error.
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1365476798-2678602475-2493244682-1001]
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D55D0-A051-41CA-AFA7-E2AA181EB090}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{1D455B8E-2327-4B27-A94B-716CF75AF955}" = rport=445 | protocol=6 | dir=out | app=system |
"{3431464B-AC15-4E9B-B70E-4D8EBAC8D9A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A2AF195-F42A-4149-8CB8-41BF4B70349E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7B1C17CC-FB31-4150-9185-DC5E59A30F97}" = rport=137 | protocol=17 | dir=out | app=system |
"{808677CF-BC48-4F89-B45A-7BDEEC5F2E92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9030472C-6AE0-4117-9900-6E5C92C59E9B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{929FA9DD-7307-4C5B-BD2B-98877C2D0EB2}" = rport=139 | protocol=6 | dir=out | app=system |
"{96DA79D5-A1C2-4464-90ED-0E49549BDCBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{B0F8AECA-4261-46D4-89ED-0D772C73ED56}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{CE449A07-807C-4480-A173-A3164F49A913}" = lport=137 | protocol=17 | dir=in | app=system |
"{E36213D9-9D1E-4B36-817F-AEF22BED4185}" = lport=139 | protocol=6 | dir=in | app=system |
"{F438FDB8-58FC-424F-8DAD-E11F1B656A40}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F8D5A5D1-297F-48FE-BE58-CE5B9969B811}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A1AD62B-551F-4575-B522-CE42BD122F3D}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{0F764DC7-CE68-431F-AEE6-26BE0DA55F7A}" = protocol=1 | dir=in | [email protected],-28543 |
"{1A692177-84A7-4660-8744-EB73F96D6594}" = protocol=1 | dir=out | [email protected],-28544 |
"{1F7715FC-41B3-4F1E-8C1A-0B07C9E5FCC0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20540AB0-07BC-4F07-8AFE-D27961CCAC4C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{231A457D-B7BE-43EE-9394-31C3194F0F00}" = protocol=58 | dir=out | [email protected],-28546 |
"{297EAB7F-4DAE-438B-B363-3A9382200BAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A81D1D8-E691-45FC-91AB-1721197BC027}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{52773B10-0B29-4760-8505-8F6B65C307F7}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{5AE177EF-D4B5-4EE7-BF30-A16009102739}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5C982842-A765-4730-B10B-936F7275F43D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{652FED3A-8ED6-4995-A7C5-D54BF3BE6E3F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{72CBE6B6-7B22-44EF-84A2-65B7ABF72FBA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7B732582-7C26-4063-9088-328D54738BDB}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{7D1594C6-0FBC-49C3-88AB-65D6DC024D22}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{809D75E9-686A-47DD-9E6F-A14291B68CAD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8DD5F739-F4B6-4B23-AC2F-B4B50426DBBF}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{948963F9-E10E-4411-841F-A1792C929CF3}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{96984CA8-08DA-4BDC-A055-757F88DE66F1}" = protocol=58 | dir=in | [email protected],-28545 |
"{A1368B6F-3B71-49D3-83DD-D0C2A10E6B2D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6BB2138-ABAD-40AD-98CF-615A4034791E}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{AC0CF4AD-B67E-439F-AC18-C48D7CBE65F3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AD3C263C-31F9-489A-A49B-FEA1079A4FDD}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{B93D4898-60B1-4D37-86C7-241C8FBECA90}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{BB8E2CDC-DCDD-4205-B74B-2F09BAB9FC1E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C00E1733-5AED-493E-807F-0E5FDB2AA9BD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{C334FBD5-BBCE-435A-B101-A14FAC9D52F7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C63A27AA-C908-4C52-8EE1-12EEC07A37F1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{C679CD3F-CAFB-405E-B498-DA4CC0BFD2A7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DC9B7E55-CBFC-4D88-BB79-E559ED138BA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DDB05638-F772-4846-9845-D986A5034602}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DFC35F56-A0CD-4092-8468-F26C37325CDA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E03A6CD0-455C-4B7B-ACFE-3DB0C1FA6A4D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C6667-63D3-4416-B537-865E77F4DF4F}" = avast! Ad Blocker
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}" = PlayMemories Home
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7319A9-083D-40B3-8256-00A6F3C2AAA2}" = Citrix online plug-in (SSON)
"{117F771F-EA62-437B-AA3C-65F77B1E4C63}" = AT&T Quick Fix Client
"{133236FE-E2F7-4313-8BF8-A10ACAAA7CB9}" = Citrix online plug-in (USB)
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26DE7BAD-453E-4C96-979F-1C288ECAA159}" = Intel® Network Connections 16.7.166.0
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{29622F4A-245C-4126-8764-897E21E888D1}" = Google Earth Pro
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FC7287D-39DD-4A84-9806-D27D3CCDC51B}" = Citrix online plug-in (Web)
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4CFE23CC-779D-4572-A76F-AB60A958BC79}" = Adobe Flash Player 11 ActiveX
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57287FDF-27E6-45BC-9DD2-A33545C46C1A}" = Citrix online plug-in (HDX)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.2
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6F2FDD50-E0F3-4117-B575-78E77F8D11EF}" = Citrix online plug-in (DV)
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77CA976C-403C-47E2-940B-733ECAB6F62B}" = muvee autoProducer 5.0
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{913778D3-E1D8-4B55-9246-3308C54D3162}" = Citrix online plug-in (PNA)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5C92C15-F625-41E6-9646-245FA011E3DB}" = SlimComputer
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E1D00057-82F0-4EA1-91C2-270682EB9C98}" = SlimDrivers
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3885DDF-E711-4F14-B4C9-5CA3F07A13E9}" = PCsync
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"ATT-ATT Management Agent" = ATT Management Agent
"ATT-HSI" = ATT-HSI
"ATT-SST" = AT&T Troubleshoot & Resolve Tool
"avast" = avast! Internet Security
"Belarc Advisor" = Belarc Advisor 8.3
"CitrixOnlinePluginFull" = Citrix online plug-in
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"FileHippo.com" = FileHippo.com Update Checker
"Free Window Registry Repair" = Free Window Registry Repair
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Intel® Configuration Center" = Intel® Viiv™ Software
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PDFlite" = PDFlite 0.9.0.0
"PROSetDX" = Intel® Network Connections 16.7.166.0
"RealPlayer 16.0" = RealPlayer
"Recuva" = Recuva
"Secunia PSI" = Secunia PSI (3.0.0.7011)
"Smart Defrag 2_is1" = Smart Defrag 2
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/08/2013 11:26:55 PM | Computer Name = BRUCE-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1628 Start Time: 01ce918b0ea351cf Termination Time: 187

Error - 04/08/2013 11:39:14 PM | Computer Name = BRUCE-PC | Source = Perflib | ID = 1010
Description =

Error - 05/08/2013 5:19:58 AM | Computer Name = BRUCE-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 05/08/2013 5:33:37 AM | Computer Name = BRUCE-PC | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.1.522.0, time stamp 0x505124fc,
faulting module mpclient.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x4198, application start time
0x01ce91bedbd79b0f.

Error - 05/08/2013 5:39:37 AM | Computer Name = BRUCE-PC | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.1.522.0, time stamp 0x505124fc,
faulting module mpclient.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x5fec, application start time
0x01ce91bfb30f202f.

Error - 05/08/2013 8:32:36 AM | Computer Name = BRUCE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 07/08/2013 12:21:56 AM | Computer Name = BRUCE-PC | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x80070005 .

Error - 07/08/2013 12:25:56 AM | Computer Name = BRUCE-PC | Source = MatSvc | ID = 262153
Description = The MATS service encountered a failure when diagnosing problems. hr=0x80040154
SAP
folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.32


Error - 07/08/2013 12:25:57 AM | Computer Name = BRUCE-PC | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x80040154 .

Error - 07/08/2013 1:21:33 AM | Computer Name = BRUCE-PC | Source = Application Error | ID = 1000
Description = Faulting application EXCEL.EXE, version 12.0.6665.5003, time stamp
0x5061d2a8, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x515ba857,
exception code 0xc0000005, fault offset 0x74a574b2, process id 0xb7c, application
start time 0x01ce932640738c85.

[ IntelDH Events ]
Error - 04/07/2011 7:58:43 PM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 04/07/2011 7:58:43 PM | Computer Name = BRUCE-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 10/11/2011 6:29:40 AM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 10/11/2011 6:29:40 AM | Computer Name = BRUCE-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 09/05/2012 10:16:47 PM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 09/05/2012 10:16:47 PM | Computer Name = BRUCE-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 10/05/2012 5:51:08 AM | Computer Name = BRUCE-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

[ Media Center Events ]
Error - 20/05/2012 10:30:01 PM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 21/05/2012 12:08:47 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 21/05/2012 1:54:30 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 21/05/2012 8:40:05 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 23/05/2012 5:32:07 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 23/05/2012 7:18:04 AM | Computer Name = BRUCE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 11/07/2013 3:58:01 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 424
seconds with 360 seconds of active time. This session ended with a crash.

Error - 11/07/2013 6:55:51 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 75
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/07/2013 8:41:31 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 289
seconds with 240 seconds of active time. This session ended with a crash.

Error - 17/07/2013 9:07:12 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1527
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 22/07/2013 8:32:17 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 210
seconds with 60 seconds of active time. This session ended with a crash.

Error - 22/07/2013 10:57:16 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7578
seconds with 7140 seconds of active time. This session ended with a crash.

Error - 25/07/2013 12:16:40 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 66
seconds with 60 seconds of active time. This session ended with a crash.

Error - 28/07/2013 11:05:51 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/08/2013 3:07:43 PM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1097
seconds with 600 seconds of active time. This session ended with a crash.

Error - 07/08/2013 1:21:32 AM | Computer Name = BRUCE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3318
seconds with 1680 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 08/08/2013 9:44:21 PM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08/08/2013 9:44:21 PM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 08/08/2013 9:50:23 PM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 09/08/2013 12:40:10 AM | Computer Name = BRUCE-PC | Source = DCOM | ID = 10010
Description =

Error - 09/08/2013 12:43:24 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 09/08/2013 12:43:24 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/08/2013 12:43:24 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/08/2013 12:43:24 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 09/08/2013 12:43:24 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/08/2013 12:43:32 AM | Computer Name = BRUCE-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#10
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Let's see if we can get rid of McAfee completely.

I am attaching another runfix.txt file. Save it, open it, and press Ctrl + A then Ctrl + C. Start up OTL and paste the text in with Ctrl + V. Then press the RUN FIX button. Copy and paste the log into a reply, then run OTL again, Quickscan, and post the log.

#11
USAFA74F15

    New Member

  • Topic Starter
  • Member
  • 8 posts
OTL logfile created on: 09/08/2013 8:44:26 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BRUCE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.49 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 44.00% Memory free
3.23 Gb Paging File | 1.95 Gb Available in Paging File | 60.26% Paging File free
Paging file location(s): c:\pagefile.sys 1825 2287 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.41 Gb Total Space | 171.24 Gb Free Space | 58.97% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 0.86 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive L: | 298.02 Gb Total Space | 151.57 Gb Free Space | 50.86% Space Free | Partition Type: FAT32

Computer Name: BRUCE-PC | User Name: BRUCE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/27 13:33:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BRUCE\Downloads\OTL.exe
PRC - [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/07/18 00:36:56 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/03 15:00:44 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files\ATT\8.3.1.7\ma\bin\node.exe
PRC - [2013/07/03 15:00:44 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2013/06/30 10:31:02 | 001,888,576 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2013/06/26 09:22:49 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/05/07 10:57:52 | 001,984,000 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\pcTrayApp.exe
PRC - [2013/05/07 10:54:54 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2013/05/07 10:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcServiceHost.exe
PRC - [2013/04/24 05:30:28 | 000,483,864 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2013/04/24 05:26:56 | 000,740,888 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Users\BRUCE\Downloads\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Users\BRUCE\Downloads\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Users\BRUCE\Downloads\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/08 16:30:12 | 000,957,512 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2013/02/19 21:10:16 | 000,203,848 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2012/03/28 02:28:44 | 000,735,168 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/09/26 18:15:36 | 000,117,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\IPROSetMonitor.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/03 23:19:57 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\3e35e75d6bb050d75c95df764b607afe\System.WorkflowServices.ni.dll
MOD - [2013/08/03 23:18:09 | 001,087,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e53c51f2db178f4635682598a38ad9f4\System.ServiceModel.Web.ni.dll
MOD - [2013/07/29 07:37:13 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c24b36ceb832eabefe020b7453994a87\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/29 07:37:11 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4e250337cd18240b68997db97a661701\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/29 07:37:09 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\aab5ffcd3df45c984400184a9a041a8f\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/29 07:36:43 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fd6ee30e73a33e86f4da7180a38feec7\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/29 07:36:38 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll
MOD - [2013/07/29 07:36:35 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll
MOD - [2013/07/29 07:33:07 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/29 07:33:05 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll
MOD - [2013/07/29 07:33:04 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/29 07:33:00 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ac41c2666bb4e3dee06bc72eb45c765d\System.Xml.Linq.ni.dll
MOD - [2013/07/29 07:32:10 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/29 02:41:49 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll
MOD - [2013/07/29 02:41:19 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll
MOD - [2013/07/29 02:41:06 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/29 02:40:55 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll
MOD - [2013/07/29 02:40:49 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/29 02:39:00 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll
MOD - [2013/07/29 02:38:44 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/29 02:38:36 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/29 02:38:31 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/29 02:38:14 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/29 02:37:59 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/24 19:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 19:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 19:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/06/08 18:14:16 | 000,048,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (stllssvr)
SRV - File not found [Unavailable | Unknown] -- C:\Windows\system32\mfevtps.exe -- (mfevtp)
SRV - File not found [Unavailable | Unknown] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - File not found [Unavailable | Unknown] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013/07/20 01:19:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 15:00:44 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/06/26 09:22:49 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/05/07 10:54:54 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2013/05/07 10:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2013/04/24 05:30:28 | 000,483,864 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Users\BRUCE\Downloads\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Users\BRUCE\Downloads\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/02/19 21:10:16 | 000,203,848 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/09/26 18:15:36 | 000,117,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPROSetMonitor.exe -- (Intel®
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Unavailable | Unknown] -- system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - File not found [Kernel | Unavailable | Unknown] -- system32\drivers\mfehidk.sys -- (mfehidk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013/07/29 01:09:58 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/07/29 01:09:58 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/07/29 01:09:58 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/07/27 16:00:59 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/07/03 03:32:42 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2013/05/22 18:49:32 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013/05/09 03:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 03:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 03:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/05/09 03:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 03:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 03:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 03:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/05/09 03:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/13 13:01:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/03/19 09:18:46 | 000,064,800 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/02 15:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 15:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [1999/12/31 19:00:00 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{09D7EC1D-6FDC-4B5F-A20F-68F6F7A297A5}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{354CB769-8CC6-4415-AFE8-D464FAA80346}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKLM\..\SearchScopes\{45D28774-DBC0-449D-8168-FE1C2E29AD9A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {6edc3889-b841-4127-a2bf-c5fc48f972c7} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CDD78D09-C4B0-44D4-84EF-A93F498B398D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CDD78D09-C4B0-44D4-84EF-A93F498B398D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F8630420-07C2-4D58-9C40-1E113049B3DE}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/11/05 20:22:38 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Simon Bünzli)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext


========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Motive Plug-in (Enabled) = C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll
CHR - plugin: Motive Management Plug-in (Enabled) = C:\Program Files\Common Files\Motive\npMotiveRequest.dll
CHR - plugin: Consona SmartIssue Plugin (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll
CHR - plugin: Consona Script Runner Plugin for Firefox (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: SumatraPDF Browser Plugin (Enabled) = C:\Program Files\PDFlite\npPdfViewer.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Motive Extension = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.1_0\
CHR - Extension: avast! Ad Blocker = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: poha.com ([exchange] https in Trusted sites)
O15 - HKCU\..Trusted Domains: taxnotebook.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1735FE75-10B7-4896-91FA-5E0551B9DDE9}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BRUCE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\BRUCE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/21 18:15:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2a5e7693-a966-11df-a181-001a92b6890f}\Shell - "" = AutoRun
O33 - MountPoints2\{2a5e7693-a966-11df-a181-001a92b6890f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e1f1afc7-c375-11de-8a1a-001a92b6890f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/09 01:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/09 01:38:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/08 22:24:43 | 000,204,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/08/08 22:24:43 | 000,104,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/08/08 22:24:42 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/08/08 22:24:34 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/08/08 22:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/08/05 04:55:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/05 00:24:53 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\PC Tools
[2013/08/05 00:23:05 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\ObamaCare Stuff
[2013/08/05 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\Risk Mgt Articles
[2013/08/05 00:11:29 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\GeeksToGo 080413
[2013/07/29 08:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
[2013/07/29 01:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2013/07/29 01:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2013/07/29 01:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/07/29 01:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/07/29 01:16:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/07/29 01:12:38 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\The Weather Channel
[2013/07/29 01:09:53 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/07/29 01:09:52 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/07/29 01:09:51 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/07/29 01:09:50 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/07/29 01:09:48 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/07/29 01:09:42 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/07/29 01:09:42 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/07/29 01:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/07/29 01:08:21 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/07/28 16:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/07/28 15:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2013/07/24 08:21:30 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/07/20 18:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AT&T
[2013/07/20 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-SST
[2013/07/20 17:00:37 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\{6A7F261E-3225-4D98-B609-1C8DA4B8E763}
[2013/07/20 16:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/20 16:35:48 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\Oracle
[2013/07/20 04:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2013/07/20 04:30:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/07/20 00:59:52 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\Secunia PSI
[2013/07/19 22:31:55 | 000,029,528 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2013/07/19 18:24:01 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\{EF428126-1D9B-4E51-BA3D-B26892C36840}
[2013/07/17 21:55:06 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\SpeedyPC Software
[2013/07/17 21:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/07/12 20:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2013/07/12 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Documents\My Avast EasyPass Data
[2013/07/12 20:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/07/12 20:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/07/12 16:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013/07/12 16:00:03 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\ICAClient
[2013/07/12 16:00:03 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\Citrix
[2013/07/12 15:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013/07/12 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/07/12 00:50:11 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\Virus Scan
[2013/07/11 18:42:54 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\ElevatedDiagnostics
[2013/07/10 21:47:20 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Documents\Sony PMB
[2013/07/10 21:46:00 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Roaming\Sony Corporation
[2013/07/10 21:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013/07/10 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Documents\TX Unclaimed property
[2010/03/08 02:29:07 | 027,024,112 | ---- | C] (Microsoft Corporation) -- C:\Users\BRUCE\PowerPointViewer.exe

========== Files - Modified Within 30 Days ==========

[2013/08/09 08:57:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/09 08:54:56 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/09 08:00:42 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/08/09 08:00:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/09 07:59:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 07:59:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 07:59:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/09 07:59:43 | 1600,614,400 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/09 07:55:42 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/09 01:38:49 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/08 22:22:59 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/08/06 23:47:06 | 000,640,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/06 23:47:06 | 000,118,888 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/05 00:32:02 | 000,030,208 | ---- | M] () -- C:\Users\BRUCE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/04 22:14:32 | 000,000,345 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/04 03:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
[2013/07/29 08:53:25 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk
[2013/07/29 08:53:25 | 000,001,705 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home Help.lnk
[2013/07/29 03:32:47 | 000,000,616 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaToolsforWindowsSetup-1208 - Shortcut.lnk
[2013/07/29 03:29:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/07/29 03:29:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/07/29 01:22:01 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/29 01:16:39 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/07/29 01:09:58 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/07/29 01:09:58 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/07/29 01:09:58 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/07/29 01:09:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/28 16:04:44 | 000,000,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/07/27 16:00:59 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/07/27 00:04:56 | 166,937,013 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/24 22:29:05 | 000,000,905 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/24 21:49:44 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/07/24 21:38:32 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
[2013/07/23 00:40:51 | 000,302,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/20 16:49:28 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/20 04:53:41 | 000,002,026 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
[2013/07/20 03:35:23 | 000,005,892 | ---- | M] () -- C:\Users\BRUCE\AppData\Local\d3d9caps.dat
[2013/07/19 22:31:33 | 000,000,949 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2013/07/13 03:12:27 | 000,000,000 | ---- | M] () -- C:\search.sqlite

========== Files Created - No Company Name ==========

[2013/08/09 01:38:49 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/08 22:22:59 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/07/29 08:53:25 | 000,001,825 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
[2013/07/29 08:53:25 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk
[2013/07/29 08:53:25 | 000,001,705 | ---- | C] () -- C:\Users\Public\Desktop\PlayMemories Home Help.lnk
[2013/07/29 03:32:47 | 000,000,616 | ---- | C] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaToolsforWindowsSetup-1208 - Shortcut.lnk
[2013/07/29 03:29:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/07/29 03:29:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/07/29 01:22:01 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/29 01:09:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/29 01:09:47 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/07/29 01:09:47 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/07/28 16:04:44 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/07/28 16:04:44 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/07/27 15:45:56 | 000,000,345 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/27 00:04:56 | 166,937,013 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/07/24 21:49:44 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/07/20 18:23:58 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
[2013/07/20 04:53:41 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
[2013/07/20 04:01:35 | 1600,614,400 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/19 22:31:34 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2013/07/13 03:12:27 | 000,000,000 | ---- | C] () -- C:\search.sqlite
[2013/06/28 01:44:27 | 000,449,481 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/03/25 00:42:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2013/02/10 15:38:36 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/07/19 00:36:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012/01/30 14:48:42 | 000,005,892 | ---- | C] () -- C:\Users\BRUCE\AppData\Local\d3d9caps.dat
[2011/02/14 01:36:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/26 01:46:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Ambience
[2010/10/26 01:46:52 | 000,000,268 | -H-- | C] () -- C:\Users\BRUCE\AppData\Roaming\AccountTypes
[2010/10/26 00:02:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/03/14 13:43:55 | 000,000,088 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\usb.inf
[2007/07/25 16:06:10 | 000,031,802 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\UserTile.png
[2007/06/28 10:19:37 | 000,030,208 | ---- | C] () -- C:\Users\BRUCE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/05 09:54:26 | 000,000,314 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\wklnhst.dat
[2007/05/30 23:26:59 | 000,000,318 | ---- | C] () -- C:\Users\BRUCE\Public.lnk

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/07/09 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/06/20 00:41:14 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\GARMIN
[2013/07/17 23:57:39 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\GlarySoft
[2013/07/20 04:45:47 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\ICAClient
[2013/07/17 23:57:40 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\IObit
[2008/05/24 17:54:19 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Laplink
[2009/10/28 00:45:07 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Leadertech
[2011/11/10 05:30:07 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\muvee Technologies
[2012/10/03 05:19:10 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Nico Mak Computing
[2011/11/10 09:04:37 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Nikon
[2013/07/20 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Oracle
[2013/01/04 12:49:15 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\PC Utility Kit
[2013/04/05 23:17:18 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\PDFlite
[2013/07/17 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\SpeedyPC Software
[2007/06/05 09:54:30 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Template
[2011/03/10 02:54:54 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Tific
[2013/07/29 00:20:39 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Uniblue
[2013/07/12 01:01:00 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Virus Scan
[2007/06/04 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\WinBatch
[2011/02/22 00:43:57 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Windows Live Writer
[2013/07/17 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\{A004037C-8B9A-4390-9074-1D3EEE0A3BDF}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#12
RKinner

    Malware Expert

Where is the log from the Run Fix run? Doesn't look like you ran it at all.

#13
USAFA74F15

    New Member

  • Topic Starter
========== FILES ==========
< sc config PxHelp20 start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\BRUCE\Downloads\cmd.bat deleted successfully.
C:\Users\BRUCE\Downloads\cmd.txt deleted successfully.
< sc delete avgtp /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\BRUCE\Downloads\cmd.bat deleted successfully.
C:\Users\BRUCE\Downloads\cmd.txt deleted successfully.
< sc delete mfewfpk /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\BRUCE\Downloads\cmd.bat deleted successfully.
C:\Users\BRUCE\Downloads\cmd.txt deleted successfully.
< sc delete mfehidk /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\BRUCE\Downloads\cmd.bat deleted successfully.
C:\Users\BRUCE\Downloads\cmd.txt deleted successfully.
< sc delete mfeapfk /c >
[SC] OpenService FAILED 5:
Access is denied.
C:\Users\BRUCE\Downloads\cmd.bat deleted successfully.
C:\Users\BRUCE\Downloads\cmd.txt deleted successfully.
< sc delete mfevtp /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\BRUCE\Downloads\cmd.bat deleted successfully.
C:\Users\BRUCE\Downloads\cmd.txt deleted successfully.
< sc delete mfefire /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\BRUCE\Downloads\cmd.bat deleted successfully.
C:\Users\BRUCE\Downloads\cmd.txt deleted successfully.
< sc delete McShield /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\BRUCE\Downloads\cmd.bat deleted successfully.
C:\Users\BRUCE\Downloads\cmd.txt deleted successfully.
< sc config stllssvr start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\BRUCE\Downloads\cmd.bat deleted successfully.
C:\Users\BRUCE\Downloads\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\System32\drivers\avgtpx86.sys not found.
File\Folder C:\WINDOWS\System32\drivers\mfewfpk.sys not found.
File\Folder C:\WINDOWS\System32\drivers\mfehidk.sys not found.
File\Folder C:\WINDOWS\System32\drivers\mfeapfk.sys not found.
File\Folder C:\Program Files\Common Files\McAfee not found.
File\Folder C:\WINDOWS\System32\mfevtps.exe not found.
< sc config MsMpSvc start= disabled /c >
[SC] OpenService FAILED 5:
Access is denied.
C:\Users\BRUCE\Downloads\cmd.bat deleted successfully.
C:\Users\BRUCE\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: BRUCE
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: EVERYDAY USE
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: IUSR_NMPR

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: BRUCE
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: EVERYDAY USE
->Java cache emptied: 0 bytes

User: Guest
->Java cache emptied: 0 bytes

User: IUSR_NMPR

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08222013_231324


OTL logfile created on: 22/08/2013 11:15:18 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BRUCE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.49 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 31.14% Memory free
3.23 Gb Paging File | 1.89 Gb Available in Paging File | 58.50% Paging File free
Paging file location(s): c:\pagefile.sys 1825 2287 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.41 Gb Total Space | 161.59 Gb Free Space | 55.64% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 0.96 Gb Free Space | 12.56% Space Free | Partition Type: NTFS
Drive F: | 4.20 Gb Total Space | 4.20 Gb Free Space | 100.00% Space Free | Partition Type: UDF
Drive L: | 298.02 Gb Total Space | 151.74 Gb Free Space | 50.92% Space Free | Partition Type: FAT32

Computer Name: BRUCE-PC | User Name: BRUCE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/27 13:33:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BRUCE\Downloads\OTL.exe
PRC - [2013/07/20 01:19:44 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/07/18 00:36:56 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/03 15:00:44 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files\ATT\8.3.1.7\ma\bin\node.exe
PRC - [2013/07/03 15:00:44 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2013/06/30 10:31:02 | 001,888,576 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2013/06/26 09:22:49 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/05/22 18:49:32 | 000,691,584 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/05/07 10:57:52 | 001,984,000 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\pcTrayApp.exe
PRC - [2013/05/07 10:54:54 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2013/05/07 10:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcServiceHost.exe
PRC - [2013/04/24 05:30:28 | 000,483,864 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2013/04/24 05:26:56 | 000,740,888 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Users\BRUCE\Downloads\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Users\BRUCE\Downloads\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Users\BRUCE\Downloads\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/08 16:30:12 | 000,957,512 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2013/02/19 21:10:16 | 000,203,848 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2012/03/28 02:28:44 | 000,735,168 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/03/28 02:27:06 | 000,309,184 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2011/09/26 18:15:36 | 000,117,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\IPROSetMonitor.exe
PRC - [2010/12/14 09:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdclt.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/19 08:03:30 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\ecfb43e24051aed189d440e0fa1e9854\System.WorkflowServices.ni.dll
MOD - [2013/08/16 20:30:39 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3fae818d7b77ce74ea15675ec06d2b1f\System.ServiceModel.Routing.ni.dll
MOD - [2013/08/16 20:30:37 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9fa70774f4fdb66f3f500c46fa3ac824\System.ServiceModel.Discovery.ni.dll
MOD - [2013/08/16 20:30:33 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d9d0cfcd2148c32aeb8dc27530903125\System.ServiceModel.Channels.ni.dll
MOD - [2013/08/16 20:30:00 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ad71a48cf5a6828d4e07f78e50a9eb54\System.ServiceModel.Activities.ni.dll
MOD - [2013/08/16 20:29:52 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\224d59cb515eb3660e0b4d4530f946bc\System.IdentityModel.ni.dll
MOD - [2013/08/16 20:29:44 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\069130d01589ff7ead36c597b37fcdf7\System.ServiceModel.ni.dll
MOD - [2013/08/16 20:29:11 | 001,087,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\763d27427278ff580fd8face4edd9c5f\System.ServiceModel.Web.ni.dll
MOD - [2013/08/16 20:26:01 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d82770dc4e5fee30ca8a7244bf7f613a\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/08/16 20:25:58 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/16 20:25:57 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\420022aad3481c670eb86a4ca72d5b43\System.Runtime.Serialization.ni.dll
MOD - [2013/08/16 20:25:53 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\c389533f1477363803e53dce01560d12\System.Xml.Linq.ni.dll
MOD - [2013/08/16 20:24:36 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/16 20:20:49 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\56a1feb800860a3bc5d8a45ee92a77ec\PresentationFramework.ni.dll
MOD - [2013/08/16 20:20:21 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\001aeb860d7f2ba416e0fedc606fee98\PresentationCore.ni.dll
MOD - [2013/08/16 20:20:12 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll
MOD - [2013/08/16 20:19:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013/08/16 20:19:55 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/16 20:19:47 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b3ed31a444f444325ddb64b290ed2f1e\WindowsBase.ni.dll
MOD - [2013/08/16 20:19:39 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c25ede0d0127774c504c4fc41d4de273\System.Core.ni.dll
MOD - [2013/08/16 20:19:35 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/16 20:19:27 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/08/16 20:19:25 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/29 02:37:59 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/06/08 18:14:16 | 000,048,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (stllssvr)
SRV - File not found [Unavailable | Unknown] -- C:\Windows\system32\mfevtps.exe -- (mfevtp)
SRV - File not found [Unavailable | Unknown] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - File not found [Unavailable | Unknown] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013/07/20 01:19:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 15:00:44 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/06/26 09:22:49 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/05/07 10:54:54 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2013/05/07 10:54:02 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2013/04/24 05:30:28 | 000,483,864 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Users\BRUCE\Downloads\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Users\BRUCE\Downloads\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/02/19 21:10:16 | 000,203,848 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/09/26 18:15:36 | 000,117,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPROSetMonitor.exe -- (Intel®
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Unavailable | Unknown] -- system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - File not found [Kernel | Unavailable | Unknown] -- system32\drivers\mfehidk.sys -- (mfehidk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013/07/29 01:09:58 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/07/29 01:09:58 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/07/29 01:09:58 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/07/27 16:00:59 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/07/03 03:32:42 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2013/05/22 18:49:32 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013/05/09 03:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 03:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 03:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/05/09 03:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 03:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 03:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 03:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/05/09 03:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/13 13:01:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/03/19 09:18:46 | 000,064,800 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/02 15:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 15:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [1999/12/31 19:00:00 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{09D7EC1D-6FDC-4B5F-A20F-68F6F7A297A5}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{354CB769-8CC6-4415-AFE8-D464FAA80346}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKLM\..\SearchScopes\{45D28774-DBC0-449D-8168-FE1C2E29AD9A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {6edc3889-b841-4127-a2bf-c5fc48f972c7} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CDD78D09-C4B0-44D4-84EF-A93F498B398D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CDD78D09-C4B0-44D4-84EF-A93F498B398D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F8630420-07C2-4D58-9C40-1E113049B3DE}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/11/05 20:22:38 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Simon Bünzli)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext


========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Motive Plug-in (Enabled) = C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll
CHR - plugin: Motive Management Plug-in (Enabled) = C:\Program Files\Common Files\Motive\npMotiveRequest.dll
CHR - plugin: Consona SmartIssue Plugin (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll
CHR - plugin: Consona Script Runner Plugin for Firefox (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: SumatraPDF Browser Plugin (Enabled) = C:\Program Files\PDFlite\npPdfViewer.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Motive Extension = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.1_0\
CHR - Extension: avast! Ad Blocker = C:\Users\BRUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: poha.com ([exchange] https in Trusted sites)
O15 - HKCU\..Trusted Domains: taxnotebook.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1735FE75-10B7-4896-91FA-5E0551B9DDE9}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BRUCE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\BRUCE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/21 18:15:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2a5e7693-a966-11df-a181-001a92b6890f}\Shell - "" = AutoRun
O33 - MountPoints2\{2a5e7693-a966-11df-a181-001a92b6890f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e1f1afc7-c375-11de-8a1a-001a92b6890f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/09 01:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/09 01:38:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/08 22:24:43 | 000,204,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/08/08 22:24:43 | 000,104,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/08/08 22:24:42 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/08/08 22:24:34 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/08/08 22:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/08/05 04:55:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/05 00:24:53 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\PC Tools
[2013/08/05 00:23:05 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\ObamaCare Stuff
[2013/08/05 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\Risk Mgt Articles
[2013/08/05 00:11:29 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\Desktop\GeeksToGo 080413
[2013/07/29 08:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
[2013/07/29 01:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2013/07/29 01:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2013/07/29 01:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/07/29 01:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/07/29 01:16:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/07/29 01:12:38 | 000,000,000 | ---D | C] -- C:\Users\BRUCE\AppData\Local\The Weather Channel
[2013/07/29 01:09:53 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/07/29 01:09:52 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/07/29 01:09:51 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/07/29 01:09:50 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/07/29 01:09:48 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/07/29 01:09:42 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/07/29 01:09:42 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/07/29 01:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/07/29 01:08:21 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/07/28 16:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/07/28 15:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2013/07/24 08:21:30 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2010/03/08 02:29:07 | 027,024,112 | ---- | C] (Microsoft Corporation) -- C:\Users\BRUCE\PowerPointViewer.exe

========== Files - Modified Within 30 Days ==========

[2013/08/22 23:02:46 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/22 23:02:22 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/08/22 23:01:53 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/22 23:01:52 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/22 23:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/22 23:01:36 | 1600,614,400 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/22 22:57:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/22 22:54:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/21 07:10:19 | 000,302,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/20 23:53:02 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/16 20:17:45 | 000,640,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/16 20:17:45 | 000,118,888 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/11 22:03:14 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
[2013/08/09 01:38:49 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/08 22:22:59 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/08/05 00:32:02 | 000,030,208 | ---- | M] () -- C:\Users\BRUCE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/04 22:14:32 | 000,000,345 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/29 08:53:25 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk
[2013/07/29 08:53:25 | 000,001,705 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home Help.lnk
[2013/07/29 03:32:47 | 000,000,616 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaToolsforWindowsSetup-1208 - Shortcut.lnk
[2013/07/29 03:29:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/07/29 03:29:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/07/29 01:22:01 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/29 01:16:39 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/07/29 01:09:58 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/07/29 01:09:58 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/07/29 01:09:58 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/07/29 01:09:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/28 16:04:44 | 000,000,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/07/27 16:00:59 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/07/27 00:04:56 | 166,937,013 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/24 22:29:05 | 000,000,905 | ---- | M] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/24 21:49:44 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/07/24 21:38:32 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk

========== Files Created - No Company Name ==========

[2013/08/09 01:38:49 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/08 22:22:59 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/07/29 08:53:25 | 000,001,825 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
[2013/07/29 08:53:25 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk
[2013/07/29 08:53:25 | 000,001,705 | ---- | C] () -- C:\Users\Public\Desktop\PlayMemories Home Help.lnk
[2013/07/29 03:32:47 | 000,000,616 | ---- | C] () -- C:\Users\BRUCE\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaToolsforWindowsSetup-1208 - Shortcut.lnk
[2013/07/29 03:29:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/07/29 03:29:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/07/29 01:22:01 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/29 01:09:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/29 01:09:58 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/29 01:09:47 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/07/29 01:09:47 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/07/28 16:04:44 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/07/28 16:04:44 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/07/27 15:45:56 | 000,000,345 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/27 00:04:56 | 166,937,013 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/07/24 21:49:44 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/07/19 22:31:34 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2013/06/28 01:44:27 | 000,449,481 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/03/25 00:42:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2013/02/10 15:38:36 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/07/19 00:36:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012/01/30 14:48:42 | 000,005,892 | ---- | C] () -- C:\Users\BRUCE\AppData\Local\d3d9caps.dat
[2011/02/14 01:36:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/26 01:46:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Ambience
[2010/10/26 01:46:52 | 000,000,268 | -H-- | C] () -- C:\Users\BRUCE\AppData\Roaming\AccountTypes
[2010/10/26 00:02:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/03/14 13:43:55 | 000,000,088 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\usb.inf
[2007/07/25 16:06:10 | 000,031,802 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\UserTile.png
[2007/06/28 10:19:37 | 000,030,208 | ---- | C] () -- C:\Users\BRUCE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/05 09:54:26 | 000,000,314 | ---- | C] () -- C:\Users\BRUCE\AppData\Roaming\wklnhst.dat
[2007/05/30 23:26:59 | 000,000,318 | ---- | C] () -- C:\Users\BRUCE\Public.lnk

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/07/09 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/06/20 00:41:14 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\GARMIN
[2013/07/17 23:57:39 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\GlarySoft
[2013/07/20 04:45:47 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\ICAClient
[2013/07/17 23:57:40 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\IObit
[2008/05/24 17:54:19 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Laplink
[2009/10/28 00:45:07 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Leadertech
[2011/11/10 05:30:07 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\muvee Technologies
[2012/10/03 05:19:10 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Nico Mak Computing
[2011/11/10 09:04:37 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Nikon
[2013/07/20 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Oracle
[2013/01/04 12:49:15 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\PC Utility Kit
[2013/04/05 23:17:18 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\PDFlite
[2013/07/17 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\SpeedyPC Software
[2007/06/05 09:54:30 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Template
[2011/03/10 02:54:54 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Tific
[2013/07/29 00:20:39 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Uniblue
[2013/07/12 01:01:00 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Virus Scan
[2007/06/04 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\WinBatch
[2011/02/22 00:43:57 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\Windows Live Writer
[2013/07/17 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\BRUCE\AppData\Roaming\{A004037C-8B9A-4390-9074-1D3EEE0A3BDF}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#14
RKinner

    Malware Expert

Get autoruns from
http://live.sysinter...om/autoruns.exe

Download, save and run the program by right-clicking and choosing Run As Admin.

Look for the following and uncheck them. I think they will all be marked with yellow highlight.

PxHelp20
avgtp
mfewfpk
mfehidk
mfeapfk
mfevtp
mfefire
McShield
stllssvr
MsMpSvc

Then

Right-click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.

2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply, then repeat but select Application.

Ron
  • 0

#15
USAFA74F15

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/08/2013 10:19:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/08/2013 8:46:37 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/08/2013 8:06:58 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Firewall service.

Log: 'System' Date/Time: 25/08/2013 8:04:33 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Firewall service.

Log: 'System' Date/Time: 25/08/2013 1:25:04 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 25/08/2013 1:25:01 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 25/08/2013 1:21:49 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/08/2013 8:03:39 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 25/08/2013 8:03:39 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 25/08/2013 8:03:38 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 25/08/2013 8:03:38 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 25/08/2013 8:03:38 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 25/08/2013 8:03:38 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 25/08/2013 8:03:34 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 25/08/2013 8:03:34 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 25/08/2013 8:03:34 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B6890F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/08/2013 10:20:24 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2013 3:18:21 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application notepad.exe, version 6.0.6001.18000, time stamp 0x47918ea2, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x515ba857, exception code 0xc0000005, fault offset 0x74dd74b2, process id 0x94f0, application start time 0x01cea202bfef37b8.

Log: 'Application' Date/Time: 26/08/2013 1:12:52 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 15148

Log: 'Application' Date/Time: 26/08/2013 1:12:52 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 15148

Log: 'Application' Date/Time: 26/08/2013 1:12:52 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 26/08/2013 1:12:51 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 14134

Log: 'Application' Date/Time: 26/08/2013 1:12:51 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 14134

Log: 'Application' Date/Time: 26/08/2013 1:12:51 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 26/08/2013 1:12:50 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 13058

Log: 'Application' Date/Time: 26/08/2013 1:12:50 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 13058

Log: 'Application' Date/Time: 26/08/2013 1:12:50 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 26/08/2013 1:12:48 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 10655

Log: 'Application' Date/Time: 26/08/2013 1:12:48 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 10655

Log: 'Application' Date/Time: 26/08/2013 1:12:48 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 26/08/2013 1:12:47 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 9641

Log: 'Application' Date/Time: 26/08/2013 1:12:47 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 9641

Log: 'Application' Date/Time: 26/08/2013 1:12:47 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 26/08/2013 1:12:46 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 8643

Log: 'Application' Date/Time: 26/08/2013 1:12:46 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 8643

Log: 'Application' Date/Time: 26/08/2013 1:12:46 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 26/08/2013 1:12:45 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 7644

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2013 2:51:37 AM
Type: Warning Category: 7
Event: 509 Source: ESENT
Windows (4236) Windows: A request to read from the file "L:\BRUCE-PC\Indexed Files\Search\Data\Applications\Windows\Windows.edb" at offset 1581056 (0x0000000000182000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (2907 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 0 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 26/08/2013 2:51:37 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
Windows (4236) Windows: A request to read from the file "L:\BRUCE-PC\Indexed Files\Search\Data\Applications\Windows\Windows.edb" at offset 3751936 (0x0000000000394000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (2409 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 25/08/2013 9:17:34 PM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3031 for the Windows Search Service has been suppressed 21 time(s) since 3:09:50 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3031 for further details on this event.

Log: 'Application' Date/Time: 25/08/2013 8:14:58 PM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3031 for the Windows Search Service has been suppressed 15 time(s) since 3:09:50 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3031 for further details on this event.
  • 0
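A VEW report like the one posted above is easier to triage once its records are tallied per source and event ID. The following is an added example, not part of the original thread or of VEW itself; the function names, the `STORAGE_IO` set and the sample text are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the VEW layout shown in the post above (not the full log).
SAMPLE = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/08/2013 8:03:39 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 25/08/2013 8:03:38 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 25/08/2013 8:06:58 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response.
"""

# Assumption: (source, event ID) pairs from the posted log whose text points at storage I/O.
STORAGE_IO = {("disk", 51), ("ESENT", 507), ("ESENT", 509)}
HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (.+)$")
FIELDS = re.compile(r"^(Type|Event): (\S+) (Category|Source): (.+)$")

def parse_vew(text):
    """Return one dict per event record; banner lines between records are skipped."""
    events, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            # VEW states its dates are dd/mm/yyyy, so parse them explicitly.
            when = datetime.strptime(m[2], "%d/%m/%Y %I:%M:%S %p")
            cur = {"log": m[1], "when": when, "message": ""}
            events.append(cur)
        elif not line:
            cur = None  # a blank line closes the current record
        elif cur is not None:
            if m := FIELDS.match(line):
                cur[m[1].lower()], cur[m[3].lower()] = m[2], m[4]
            else:
                cur["message"] += line
    return events

def triage(events):
    """Count records per (source, event ID), most frequent first, flagging storage I/O."""
    counts = Counter((e["source"], int(e["event"])) for e in events if "event" in e)
    return [(s, i, n, (s, i) in STORAGE_IO) for (s, i), n in counts.most_common()]
```

Calling `triage(parse_vew(report_text))` on the saved Notepad output puts the most frequent source and event ID first, with storage-related entries flagged.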





