
Thread: My computer is running a bit unstable

  1. #1
    Junior Member
    Join Date
    Aug 2012
    Location
    Memphis, TN
    Posts
    28

    My computer is running a bit unstable

    Windows XP Ver 2002 Serv Pk 3
    IBM X30
    Pentium III M 1200 MHz
    760 MB Ram
    40 Meg HD with 34 Meg Used.

    Avast Virus Protection
    Comodo Firewall
    Win Patrol
    Superantispyware
    Malwarebytes

    Added Sandboxie last month and Copernic Desktop Search this week.

    I had trouble surfing the Internet this morning. I rebooted and was able to surf. The icon in taskbar showed that it was working fine (dial-up) but it did not allow me to connect to any website. It kept giving me that error page, "Unable to connect.." yada, yada, yada. I also noticed that certain websites didn't work well until I enabled cookies. However, these websites worked fine, without any cookies alerts, while running Opera. Firefox would not work as well. Winauclt sometimes takes up a lot of memory and I am unable to do anything except wait for, sometimes, 20 minutes before I can use my computer again. Seems at times that my system wants to freeze at times but luckily no blue screen of death yet. One other thing, Spybot will not complete without disabling or un-checking one of the boxes for Opera. I also noticed that the folders for Opera are now grey instead of yellow. However, that happened years ago.

    I ran Combofix on this machine about a month or two ago and my system shut down and restarted. Nope, I didn't know that I couldn't do that. Well... actually I did and did it anyway. That will not happen again. I have since (actually today) attempted to remove Combofix from the machine. However, I get the following message when I attempt to uninstall it, "Windows cannot find 'combofix'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click Search."

    Here are the scans requested by your website along with a Malwarebytes scan.



    ========================================================
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
    Run by DLM09260 at 16:39:00 on 2012-09-11
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = 127.0.0.1:8118
    uURLSearchHooks: H - No File
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
    uRun: [Copernic Desktop Search - Home] "c:\program files\copernic desktop search - home\DesktopSearchService.exe" /tray
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
    mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
    mRun: [TP4EX] tp4ex.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\dlm09260\startm~1\programs\startup\alarmm~1.lnk - c:\program files\palm\AlarmApp_PSI.exe
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234369100940
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340656938307
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{1F51527D-CDAA-4E51-ACDD-D02A9CC079CD} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{EBF653BE-794F-47DF-903D-6947117D14CB} : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\dlm09260\application data\mozilla\firefox\profiles\vsym55us.default\
    FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2012-09-09 03:32:38 -------- d-----w- c:\program files\Copernic Desktop Search - Home
    2012-09-09 03:32:03 -------- d-----w- c:\documents and settings\dlm09260\local settings\application data\Copernic
    2012-09-08 21:40:27 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2012-09-08 21:40:17 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    2012-09-06 17:46:04 -------- d-----w- c:\program files\Macrium
    2012-09-06 17:30:44 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-09-06 17:29:46 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-08-21 09:33:48 12992 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
    2012-08-21 09:33:28 16064 ----a-w- c:\windows\system32\drivers\pssnap.sys
    2012-08-21 09:33:20 53952 ----a-w- c:\windows\system32\drivers\psmounter.sys
    .
    ==================== Find3M ====================
    .
    2012-09-06 17:28:13 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-06 17:28:12 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-22 23:24:41 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-22 23:24:41 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-16 01:23:07 1611 ----a-w- c:\windows\system32\drivers\etc\mvps.bat
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
    2012-06-30 23:56:00 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    .
    ============= FINISH: 16:44:30.62 ===============

    ========================================================

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-11 16:48:41
    -----------------------------
    16:48:41.067 OS Version: Windows 5.1.2600 Service Pack 3
    16:48:41.067 Number of processors: 1 586 0xB04
    16:48:41.067 ComputerName: RCMSMYMADEE UserName: DLM09260
    16:48:44.542 Initialize success
    16:48:49.159 AVAST engine defs: 12091100
    16:48:59.664 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    16:48:59.674 Disk 0 Vendor: HITACHI_DK23EA-40B 00K3A0B5 Size: 38154MB BusType: 3
    16:48:59.684 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-10
    16:48:59.684 Disk 1 Vendor: SanDisk_SDCFJ-128 HDX_4.09 Size: 122MB BusType: 3
    16:48:59.714 Disk 0 MBR read successfully
    16:48:59.724 Disk 0 MBR scan
    16:48:59.864 Disk 0 Windows VISTA default MBR code
    16:48:59.894 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 34691 MB offset 2048
    16:48:59.955 Disk 0 Partition 2 00 13 NTFS 3461 MB offset 71049216
    16:48:59.985 Disk 0 scanning sectors +78137344
    16:49:00.155 Disk 0 scanning C:\WINDOWS\system32\drivers
    16:49:32.431 Service scanning
    16:50:23.415 Modules scanning
    16:50:39.798 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
    16:50:43.163 Disk 0 trace - called modules:
    16:50:43.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
    16:50:43.213 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83b76ab8]
    16:50:43.233 3 CLASSPNP.SYS[f75e9fd7] -> nt!IofCallDriver -> \Device\00000095[0x83b65478]
    16:50:43.243 5 ACPI.sys[f7540620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83b62940]
    16:50:43.894 AVAST engine scan C:\WINDOWS
    16:50:53.388 AVAST engine scan C:\WINDOWS\system32
    16:54:50.529 AVAST engine scan C:\WINDOWS\system32\drivers
    16:55:16.326 AVAST engine scan C:\Documents and Settings\DLM09260
    17:01:01.162 AVAST engine scan C:\Documents and Settings\All Users
    17:01:40.939 Scan finished successfully
    17:03:49.143 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DLM09260\Desktop\Spybot Malware Work 091112\MBR.dat"
    17:03:49.163 The log file has been saved successfully to "C:\Documents and Settings\DLM09260\Desktop\Spybot Malware Work 091112\aswMBR.txt"

    ========================================================

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.08.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    DLM09260 :: RCMSMYMADEE [administrator]

    9/11/2012 2:22:16 PM
    mbam-log-2012-09-11 (14-22-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 270614
    Time elapsed: 45 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208





    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Sorry for the delay. You don't have much hard drive space left and with the small amount of memory installed this will reflect on poor performance.


    You need to enable Windows to show all files and folders, instructions Here

    Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.

    C:\WINDOWS\System32\drivers\dxgthk.sys <-- This file

    If the site is busy you can try this one
    http://virusscan.jotti.org/en





    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64 Bit Version

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      wuauclt.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt





    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



    Let me see the following

    1. Results from VirusTotal
    2. Results from System Look
    3. Log from the OTL Scan
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Aug 2012
    Location
    Memphis, TN
    Posts
    28


    As Requested:

    https://www.virustotal.com/file/c364...is/1348017664/

    ==========================================================

    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:25 on 18/09/2012 by DLM09260
    Administrator - Elevation successful

  4. #4
    Junior Member
    Join Date
    Aug 2012
    Location
    Memphis, TN
    Posts
    28


    Cont'd

    OTL logfile created on: 9/18/2012 8:38:40 PM - Run 1
    OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\DLM09260\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    758.98 Mb Total Physical Memory | 341.12 Mb Available Physical Memory | 44.94% Memory free
    1.81 Gb Paging File | 1.03 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.88 Gb Total Space | 4.90 Gb Free Space | 14.47% Space Free | Partition Type: NTFS
    Drive D: | 122.10 Mb Total Space | 121.02 Mb Free Space | 99.12% Space Free | Partition Type: FAT

    Computer Name: RCMSMYMADEE | User Name: DLM09260 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\DLM09260\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Opera\opera.exe (Opera Software)
    PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
    PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
    PRC - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
    PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
    PRC - C:\Program Files\Palm\AlarmApp_PSI.exe (PalmSource, Inc)
    PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
    PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
    MOD - C:\Program Files\AVAST Software\Avast\defs\12091802\algo.dll ()
    MOD - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
    MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
    MOD - C:\WINDOWS\system32\PDFreDirectMonNT.dll ()
    MOD - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll ()
    MOD - C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll ()
    MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\Program Files\Palm\PSITzLib.dll ()
    MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
    MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
    MOD - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    MOD - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll ()
    MOD - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()


    ========== Services (SafeList) ==========

    SRV - (ZQZTTDFPGUA) -- File not found
    SRV - (TI) -- File not found
    SRV - (NLSQGWT) -- File not found
    SRV - (MySQL) -- C:\xampplite\mysql\bin\mysqld.exe File not found
    SRV - (LMAOER) -- File not found
    SRV - (KWQRSVF) -- File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (GTPXLJCDD) -- File not found
    SRV - (Apache2.2) -- File not found
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
    SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
    SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
    DRV - (smwdm) -- system32\drivers\smwdm.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (PCDRDRV) -- C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys File not found
    DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
    DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
    DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\23.tmp File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\DLM09260\LOCALS~1\Temp\catchme.sys File not found
    DRV - (aeaudio) -- system32\drivers\aeaudio.sys File not found
    DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
    DRV - (pssnap) -- C:\WINDOWS\system32\drivers\pssnap.sys (Macrium Software)
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
    DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
    DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
    DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
    DRV - (gmer) -- C:\WINDOWS\system32\drivers\gmer.sys (GMER)
    DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
    DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (Neo_PKTDEE) -- C:\WINDOWS\system32\drivers\Neo_0028.sys (SoftEther Corporation)
    DRV - (Soluto) -- C:\WINDOWS\system32\drivers\Soluto.sys (Soluto LTD.)
    DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
    DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
    DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
    DRV - (ATMFNVsp) -- C:\WINDOWS\system32\drivers\ATMFNVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV - (ATMFCVsp) -- C:\WINDOWS\system32\drivers\ATMFCVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV - (ATMFVsp) -- C:\WINDOWS\system32\drivers\ATMFVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV - (ATMFMdm) -- C:\WINDOWS\system32\drivers\ATMFMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV - (ATMFNET) -- C:\WINDOWS\system32\drivers\ATMFNET.sys (DEVGURU Co., LTD.)
    DRV - (ATMFBUS) -- C:\WINDOWS\system32\drivers\ATMFBUS.sys (DEVGURU Co., LTD.)
    DRV - (ATMFFLT) -- C:\WINDOWS\system32\drivers\ATMFFLT.sys (DEVGURU Co., LTD.)
    DRV - (oodivdh) -- C:\WINDOWS\system32\drivers\oodivdh.sys (O&O Software GmbH)
    DRV - (oodivd) -- C:\WINDOWS\system32\drivers\oodivd.sys (O&O Software GmbH)
    DRV - (oodisrh) -- C:\WINDOWS\system32\drivers\oodisrh.sys (O&O Software GmbH)
    DRV - (oodisr) -- C:\WINDOWS\system32\drivers\oodisr.sys (O&O Software GmbH)
    DRV - (JL2005C) -- C:\WINDOWS\system32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider)
    DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
    DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
    DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - ({A7E39B01-B403-11d4-BD18-00D0B7A1821E}) -- C:\WINDOWS\system32\drivers\vch.sys (Intel Corporation)
    DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
    DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)
    DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
    DRV - (PcdrNt) -- C:\WINDOWS\system32\drivers\PcdrNt.sys (PC-Doctor Inc.)
    DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.BAK (Adaptec)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
    IE - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
    IE - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\..\SearchScopes,DefaultScope = {2DCC3372-D258-4E3B-A746-C35B64264DBE}
    IE - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=BT3&o=14987&src=crm&q={searchTerms}&locale=en_US
    IE - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\..\SearchScopes\{2DCC3372-D258-4E3B-A746-C35B64264DBE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1864: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1924: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.857: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/22 18:09:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/08 16:40:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7d666f76-9295-4370-b662-37e2dc87b5d7}: C:\Program Files\Copernic Desktop Search - Home\Firefox110Connector [2012/09/08 22:33:32 | 000,000,000 | ---D | M]

    [2010/03/24 21:37:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DLM09260\Application Data\Mozilla\Extensions
    [2012/07/07 16:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DLM09260\Application Data\Mozilla\Firefox\Profiles\vsym55us.default\extensions
    [2012/09/08 16:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/08/22 18:09:56 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\DLM09260\Local Settings\Application Data\Google\Chrome\Application\18.0.1017.2\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\DLM09260\Local Settings\Application Data\Google\Chrome\Application\18.0.1017.2\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\DLM09260\Local Settings\Application Data\Google\Chrome\Application\18.0.1017.2\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\DLM09260\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\DLM09260\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Documents and Settings\DLM09260\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
    CHR - Extension: Gmail = C:\Documents and Settings\DLM09260\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/09/08 15:39:27 | 001,039,528 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost #[IPv6]
    O1 - Hosts: 127.0.0.1 fr.a2dfp.net
    O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
    O1 - Hosts: 127.0.0.1 ad.a8.net
    O1 - Hosts: 127.0.0.1 asy.a8ww.net
    O1 - Hosts: 127.0.0.1 abcstats.com
    O1 - Hosts: 127.0.0.1 a.abv.bg
    O1 - Hosts: 127.0.0.1 adserver.abv.bg
    O1 - Hosts: 127.0.0.1 adv.abv.bg
    O1 - Hosts: 127.0.0.1 bimg.abv.bg
    O1 - Hosts: 127.0.0.1 ca.abv.bg
    O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
    O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
    O1 - Hosts: 127.0.0.1 accuserveadsystem.com
    O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
    O1 - Hosts: 127.0.0.1 achmedia.com
    O1 - Hosts: 127.0.0.1 aconti.net
    O1 - Hosts: 127.0.0.1 secure.aconti.net
    O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
    O1 - Hosts: 127.0.0.1 csh.actiondesk.com
    O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
    O1 - Hosts: 127.0.0.1 ads.activepower.net
    O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
    O1 - Hosts: 127.0.0.1 cms.ad2click.nl
    O1 - Hosts: 31240 more lines...
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
    O4 - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005..\Run: [Copernic Desktop Search - Home] C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
    O4 - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
    O4 - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\DAVIDM\Start Menu\Programs\Startup\Alarm Manager.LNK = C:\Program Files\Palm\AlarmApp_PSI.exe (PalmSource, Inc)
    O4 - Startup: C:\Documents and Settings\DLM09260\Start Menu\Programs\Startup\Alarm Manager.LNK = C:\Program Files\Palm\AlarmApp_PSI.exe (PalmSource, Inc)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
    O15 - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase1140.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1234369100940 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1340656938307 (MUWebControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F51527D-CDAA-4E51-ACDD-D02A9CC079CD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBF653BE-794F-47DF-903D-6947117D14CB}: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/23 18:22:19 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{472e5680-3734-11e0-be17-000e3535d38b}\Shell - "" = AutoRun
    O33 - MountPoints2\{472e5680-3734-11e0-be17-000e3535d38b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{472e5680-3734-11e0-be17-000e3535d38b}\Shell\AutoRun\command - "" = D:\start.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/18 20:35:01 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DLM09260\Desktop\OTL.exe
    [2012/09/18 19:54:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DLM09260\Recent
    [2012/09/11 15:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DLM09260\Desktop\Spybot Malware Work 091112
    [2012/09/08 22:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Copernic Desktop Search - Home
    [2012/09/08 22:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DLM09260\Local Settings\Application Data\Copernic
    [2012/09/08 21:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DLM09260\Desktop\WORDPRESS
    [2012/09/06 12:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DLM09260\Start Menu\Programs\Macrium
    [2012/09/06 12:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
    [2012/09/06 12:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
    [2012/09/06 12:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/09/06 12:30:44 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/09/06 12:30:41 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2012/09/06 12:29:46 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2012/09/06 12:29:46 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2012/09/06 12:29:45 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2012/08/21 04:33:48 | 000,012,992 | ---- | C] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
    [2012/08/21 04:33:28 | 000,016,064 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
    [2012/08/21 04:33:20 | 000,053,952 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\psmounter.sys
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/18 20:35:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DLM09260\Desktop\OTL.exe
    [2012/09/18 20:24:38 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\DLM09260\Desktop\SystemLook.exe
    [2012/09/18 20:19:29 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/09/18 20:14:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/18 20:02:58 | 000,263,067 | ---- | M] () -- C:\Documents and Settings\DLM09260\Desktop\My computer is running a bit unstable - Safer-Networking Forums.mht
    [2012/09/18 20:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/09/18 19:51:08 | 000,002,700 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
    [2012/09/18 19:49:54 | 000,552,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/09/18 19:49:54 | 000,099,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/09/18 19:47:30 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
    [2012/09/18 19:46:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/18 19:45:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/09/18 19:45:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/09/18 19:43:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/09/18 19:43:41 | 795,922,432 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/18 19:05:44 | 000,000,842 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
    [2012/09/18 18:34:02 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
    [2012/09/14 16:24:13 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\DLM09260\Desktop\FAST INTERNET.rtf
    [2012/09/09 12:20:08 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\DLM09260\Desktop\Comments about Scott Pelly interview..rtf
    [2012/09/08 22:33:10 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Copernic Desktop Search - Home.lnk
    [2012/09/08 16:40:39 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\DLM09260\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/09/08 15:39:27 | 001,039,528 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2012/09/08 15:36:37 | 001,039,528 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120908-153927.backup
    [2012/09/06 12:28:43 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2012/09/06 12:28:23 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2012/09/06 12:28:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2012/09/06 12:28:22 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/09/06 12:28:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2012/09/06 12:28:13 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/09/06 12:28:12 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/08/22 18:59:37 | 001,039,402 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120908-153636.backup
    [2012/08/22 18:56:31 | 001,039,402 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120822-185937.backup
    [2012/08/22 18:24:41 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/08/22 18:24:41 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/08/22 18:10:13 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/08/21 04:33:48 | 000,012,992 | ---- | M] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
    [2012/08/21 04:33:28 | 000,016,064 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
    [2012/08/21 04:33:20 | 000,053,952 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\psmounter.sys
    [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/08/21 04:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/08/21 04:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/08/21 04:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/08/21 04:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/08/21 04:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/18 20:24:37 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\DLM09260\Desktop\SystemLook.exe
    [2012/09/18 20:02:58 | 000,263,067 | ---- | C] () -- C:\Documents and Settings\DLM09260\Desktop\My computer is running a bit unstable - Safer-Networking Forums.mht
    [2012/09/14 16:10:38 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\DLM09260\Desktop\FAST INTERNET.rtf
    [2012/09/09 10:09:06 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\DLM09260\Desktop\Comments about Scott Pelly interview..rtf
    [2012/09/08 22:33:10 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Copernic Desktop Search - Home.lnk
    [2012/09/08 22:33:10 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Copernic Desktop Search - Home.lnk
    [2012/08/22 18:24:08 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/08/05 21:28:00 | 000,002,700 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2012/07/13 15:39:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/07/13 15:39:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/07/13 15:39:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/07/13 15:39:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/07/13 15:39:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/07/10 21:33:20 | 000,178,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/05/30 22:14:30 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\DLM09260\.recently-used.xbel
    [2012/02/18 10:32:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/19 21:36:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2012/01/19 21:25:21 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2011/09/19 11:33:22 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
    [2011/09/19 11:33:21 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
    [2011/09/19 11:33:21 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
    [2011/09/19 11:33:20 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
    [2011/09/19 11:33:20 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
    [2011/08/29 15:27:21 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\DLM09260\Application Data\winscp.rnd
    [2011/08/22 08:58:35 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\DLM09260\Local Settings\Application Data\d3d9caps.dat
    [2011/08/12 19:50:45 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
    [2011/08/12 19:50:43 | 000,573,440 | ---- | C] () -- C:\WINDOWS\gmer.exe
    [2011/08/12 19:50:43 | 000,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
    [2011/08/06 19:39:03 | 000,001,664 | ---- | C] () -- C:\WINDOWS\System32\.ini
    [2011/07/11 01:20:22 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI
    [2011/06/16 20:52:20 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2011/05/14 23:49:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2011/01/07 09:50:09 | 011,796,480 | ---- | C] () -- C:\Documents and Settings\DLM09260\ntuser.bak
    [2009/08/31 21:09:47 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C142D3A14B.sys
    [2009/08/31 21:09:46 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/08/31 16:20:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DLM09260\DLM09260_notes.dat

    ========== ZeroAccess Check ==========

    [2009/02/11 11:17:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Cookies\administrator@c.live[1].txt
    [2009/02/11 11:17:33 | 000,000,094 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Cookies\administrator@live[2].txt
    [2009/02/11 11:18:22 | 000,000,235 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Cookies\administrator@microsoft[2].txt
    [2009/02/11 11:17:33 | 000,000,426 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Cookies\administrator@msn[2].txt
    [2009/02/11 11:17:32 | 000,000,680 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Cookies\administrator@rad.msn[2].txt
    [2009/02/11 16:13:13 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Cookies\administrator@www.msn[2].txt
    [2009/09/03 16:33:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    ========== LOP Check ==========

    [2009/09/09 12:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABCXYZ123\Application Data\CompanionLink
    [2009/08/23 21:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABCXYZ123\Application Data\IBM
    [2009/09/09 12:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABCXYZ123\Application Data\OpenOffice.org
    [2009/08/24 08:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABCXYZ123\Application Data\Opera
    [2012/06/17 10:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABCXYZ123\Application Data\PDF Writer
    [2009/09/09 12:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABCXYZ123\Application Data\Royal
    [2012/06/17 10:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABCXYZ123\Application Data\SumatraPDF
    [2011/04/03 09:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABCXYZ123\Application Data\WinPatrol
    [2011/08/09 09:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/02/16 12:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
    [2011/04/22 15:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2012/07/24 18:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2010/05/25 12:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
    [2011/10/05 20:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF reDirect
    [2012/04/17 20:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
    [2012/04/14 17:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2012/03/14 10:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2012/07/24 17:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
    [2012/09/08 15:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/02/02 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
    [2010/02/02 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
    [2010/04/10 15:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
    [2011/03/30 12:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/11/24 16:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Amazon
    [2012/09/12 15:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\CintaNotes
    [2011/02/13 02:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Cricket
    [2009/07/31 19:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Foxit
    [2010/06/25 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Foxit Software
    [2011/05/21 22:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\FreeLanguageTranslator
    [2012/09/10 19:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\gtk-2.0
    [2011/04/22 16:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\HotSync
    [2009/08/23 21:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\IBM
    [2009/09/15 16:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\ieSpell
    [2010/05/15 13:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\ImgBurn
    [2012/05/30 22:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\inkscape
    [2011/06/25 16:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\LibreOffice
    [2012/09/10 15:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Notepad++
    [2011/08/23 13:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Open Source Applications Foundation
    [2009/08/05 09:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\OpenOffice.org
    [2009/07/26 23:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Opera
    [2012/03/10 18:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\PC-FAX TX
    [2011/10/05 21:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\PDF reDirect
    [2012/04/17 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\PDF Writer
    [2010/09/10 14:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\pdf995
    [2011/08/23 13:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Python-Eggs
    [2011/01/10 20:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\RLM Software
    [2010/04/10 15:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\ScanSoft
    [2012/05/30 23:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Scribus
    [2011/07/04 12:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\SumatraPDF
    [2009/11/25 19:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Windows Desktop Search
    [2009/12/26 13:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Windows Search
    [2012/06/13 08:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\WinPatrol
    [2010/04/10 15:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVIDM\Application Data\Zeon
    [2011/08/10 18:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\BitTorrent
    [2012/02/26 11:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\CintaNotes
    [2009/09/08 15:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\CompanionLink
    [2011/02/13 01:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Cricket
    [2010/11/24 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\desksware
    [2011/05/21 19:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\FreeLanguageTranslator
    [2012/02/26 12:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\gtk-2.0
    [2011/04/22 15:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\HotSync
    [2009/07/23 14:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\IBM
    [2009/10/19 13:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\ieSpell
    [2009/12/05 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\ImgBurn
    [2012/05/30 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\inkscape
    [2010/05/29 14:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\IObit
    [2010/02/07 17:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Leadertech
    [2011/09/27 17:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\LibreOffice
    [2011/10/26 15:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Notepad++
    [2011/08/22 19:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Open Source Applications Foundation
    [2009/07/25 15:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\OpenOffice.org
    [2012/08/03 21:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Opera
    [2012/06/12 18:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Oracle
    [2009/12/27 15:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\PC-FAX TX
    [2011/10/26 16:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\PDF reDirect
    [2012/04/19 12:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\PDF Writer
    [2012/04/14 17:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\pdf995
    [2011/08/22 19:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Python-Eggs
    [2009/08/03 21:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\QcWizard
    [2009/09/08 15:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Royal
    [2012/01/25 23:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Scribus
    [2011/07/01 21:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\SumatraPDF
    [2010/05/26 17:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\SystemRequirementsLab
    [2012/02/25 17:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\TrueCrypt
    [2009/10/09 10:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Windows Desktop Search
    [2009/10/09 10:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Windows Search
    [2009/07/27 09:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\WinPatrol
    [2011/01/01 05:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DLM09260\Application Data\Zeon

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

    < End of report >

  5. #5
    Junior Member
    Join Date
    Aug 2012
    Location
    Memphis, TN
    Posts
    28


    cont'd

    OTL Extras logfile created on: 9/18/2012 8:38:40 PM - Run 1
    OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\DLM09260\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    758.98 Mb Total Physical Memory | 341.12 Mb Available Physical Memory | 44.94% Memory free
    1.81 Gb Paging File | 1.03 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.88 Gb Total Space | 4.90 Gb Free Space | 14.47% Space Free | Partition Type: NTFS
    Drive D: | 122.10 Mb Total Space | 121.02 Mb Free Space | 99.12% Space Free | Partition Type: FAT

    Computer Name: RCMSMYMADEE | User Name: DLM09260 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    [HKEY_USERS\S-1-5-21-3277439761-3802400216-3657561249-1005\SOFTWARE\Classes\<extension>]
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "135:TCP" = 135:TCP:*:Enabled:DCOM(135)
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Support.com\bin\tgcmd.exe" = C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher
    "C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Documents and Settings\DLM09260\Desktop\SOLUTION INSTALLER\solutoinstaller.exe" = C:\Documents and Settings\DLM09260\Desktop\SOLUTION INSTALLER\solutoinstaller.exe:*:Enabled:SolutoInstaller
    "C:\Documents and Settings\DLM09260\Desktop\solutoinstaller.exe" = C:\Documents and Settings\DLM09260\Desktop\solutoinstaller.exe:*:Enabled:SolutoInstaller
    "C:\Program Files\PacketiX VPN Client English\vpncmd.exe" = C:\Program Files\PacketiX VPN Client English\vpncmd.exe:*:Enabled:PacketiX VPN Command-Line Admin Tool 2.0
    "C:\Program Files\PacketiX VPN Client English\vpnclient.exe" = C:\Program Files\PacketiX VPN Client English\vpnclient.exe:*:Enabled:PacketiX VPN Client 2.0
    "C:\Program Files\PacketiX VPN Client English\vpncmgr.exe" = C:\Program Files\PacketiX VPN Client English\vpncmgr.exe:*:Enabled:PacketiX VPN Client Connection Manager 2.0
    "C:\Program Files\Soluto\Soluto.exe" = C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray
    "C:\Program Files\Soluto\SolutoService.exe" = C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service
    "C:\Program Files\Soluto\SolutoConsole.exe" = C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console
    "C:\Program Files\Soluto\SolutoUpdateService.exe" = C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service
    "C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
    "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2
    "{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.1.2903
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
    "{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.66
    "{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
    "{51169E2B-6AE3-4FB2-B8A7-C7AC16BBA3F1}" = Macrium Reflect Free Edition
    "{53480460-90B7-407C-8AF3-BD87B0A36C98}" = OODIX_32
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite MFC-295CN
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{8AA462CC-7F29-4F51-9D7F-68ED38658E92}" = FreeLanguageTranslator2
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ACC9F63-CF54-46D7-9140-D40E57564EDA}_is1" = COMODO Registry Cleaner 1.0.17.23
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DBCF56A-CDF0-41bf-BE0F-E00A88B18F56}" = Cricket EVDO Modem
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access ThinkPad
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4
    "{BE7B959B-BEB0-456C-BB55-60F5EAD8E9B0}" = Cricket Broadband 1.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E739A5A3-DEE2-4771-B48D-5AEC18402CFD}" = Computer Basics
    "{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F8013DD1-574B-4921-A473-88A2F7A34D16}" = Paragon Drive Backup™ 9 Personal
    "{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
    "avast" = avast! Free Antivirus
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1394
    "CCleaner" = CCleaner
    "Chandler" = Chandler 1.0.3
    "CintaNotes_is1" = CintaNotes 1.5.6
    "CopernicDesktopSearch2" = Copernic Desktop Search - Home
    "Defraggler" = Defraggler
    "Dia" = Dia (remove only)
    "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
    "EasyEject Utility" = IBM ThinkPad EasyEject Utility
    "ERUNT_is1" = ERUNT 1.1j
    "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
    "FileHippo.com" = FileHippo.com Update Checker
    "ftp995" = ftp995
    "GNU Aspell_is1" = GNU Aspell 0.50-3
    "GPL Ghostscript 9.02" = GPL Ghostscript
    "HaaliMkx" = Haali Media Splitter
    "IBM Access Support" = IBM ThinkPad Access Support
    "IBM Rapid Restore PC" = IBM Rapid Restore PC
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "ieSpell" = ieSpell
    "ImgBurn" = ImgBurn
    "Inkscape" = Inkscape 0.48.1
    "IrfanView" = IrfanView (remove only)
    "Jokosher_is1" = Jokosher version 0.11.4
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MHTML Converter" = MHTML Converter
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nmap" = Nmap 5.21
    "Notepad++" = Notepad++
    "OmniFormat" = OmniFormat
    "Opera 12.01.1532" = Opera 12.01
    "Opera 12.02.1578" = Opera 12.02
    "PDF reDirect" = PDF reDirect (remove only)
    "PDO Desktop" = PDO Desktop
    "Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
    "Power Management Driver" = ThinkPad Power Management Driver
    "Presentation Director" = IBM ThinkPad Presentation Director
    "PROSet" = Intel(R) Network Connections Drivers
    "Revo Uninstaller" = Revo Uninstaller 1.92
    "Sandboxie" = Sandboxie 3.74 (32-bit)
    "Scribus 1.4.0" = Scribus 1.4.0rc5
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
    "SpeedFan" = SpeedFan (remove only)
    "SpywareBlaster_is1" = SpywareBlaster 4.6
    "SumatraPDF" = SumatraPDF 2.1.1
    "Support.com" = Support.com Software
    "TDC13E0_2009_0603_1515_is1" = Uninstall Dual Mode Camera (TDC13E0)
    "ThinkPad Configuration" = IBM ThinkPad Configuration
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "ThinkPadSoftwareInstaller" = ThinkPad Software Installer
    "TrackPoint" = ThinkPad TrackPoint Driver
    "TrueCrypt" = TrueCrypt
    "Vivitar Experience Image Manager" = Vivitar Experience Image Manager
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "Winmail Opener" = Winmail Opener 1.4
    "WinPatrol" = WinPatrol 2009
    "WinPcapInst" = WinPcap 4.1.1
    "winscp3_is1" = WinSCP 4.3.9
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3277439761-3802400216-3657561249-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/16/2012 9:07:36 AM | Computer Name = RCMSMYMADEE | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EE7

    Error - 9/16/2012 9:07:37 AM | Computer Name = RCMSMYMADEE | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0xC004F00E .

    Error - 9/16/2012 6:50:50 PM | Computer Name = RCMSMYMADEE | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0x8007041D .

    Error - 9/17/2012 9:12:38 AM | Computer Name = RCMSMYMADEE | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0x8007041D .

    Error - 9/18/2012 10:41:41 AM | Computer Name = RCMSMYMADEE | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0x8007041D .

    Error - 9/18/2012 2:56:23 PM | Computer Name = RCMSMYMADEE | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0x8007041D .

    Error - 9/18/2012 7:26:16 PM | Computer Name = RCMSMYMADEE | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0x8007041D .

    Error - 9/18/2012 8:45:24 PM | Computer Name = RCMSMYMADEE | Source = JavaQuickStarterService | ID = 1
    Description =

    Error - 9/18/2012 8:47:30 PM | Computer Name = RCMSMYMADEE | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0x8007041D .

    Error - 9/18/2012 8:57:11 PM | Computer Name = RCMSMYMADEE | Source = Application Error | ID = 1000
    Description = Faulting application ssupdate.exe, version 1.0.0.1074, faulting module
    ssupdate.exe, version 1.0.0.1074, fault address 0x0001c2fa.

    [ System Events ]
    Error - 9/18/2012 7:25:33 PM | Computer Name = RCMSMYMADEE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Microsoft Automated Troubleshooting
    Service service to connect.

    Error - 9/18/2012 7:26:16 PM | Computer Name = RCMSMYMADEE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service MatSvc with
    arguments "" in order to run the server: {109DB0ED-7C89-416B-AC66-6D0323941464}

    Error - 9/18/2012 7:26:16 PM | Computer Name = RCMSMYMADEE | Source = Service Control Manager | ID = 7000
    Description = The Microsoft Automated Troubleshooting Service service failed to
    start due to the following error: %%1053

    Error - 9/18/2012 8:44:42 PM | Computer Name = RCMSMYMADEE | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.104 for the Network Card with network
    address 000E3535D38B has been denied by the DHCP server 192.168.6.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 9/18/2012 8:45:40 PM | Computer Name = RCMSMYMADEE | Source = Service Control Manager | ID = 7000
    Description = The Apache2.2 service failed to start due to the following error:
    %%3

    Error - 9/18/2012 8:45:50 PM | Computer Name = RCMSMYMADEE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Soluto

    Error - 9/18/2012 8:46:20 PM | Computer Name = RCMSMYMADEE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Microsoft Automated Troubleshooting
    Service service to connect.

    Error - 9/18/2012 8:47:30 PM | Computer Name = RCMSMYMADEE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service MatSvc with
    arguments "" in order to run the server: {109DB0ED-7C89-416B-AC66-6D0323941464}

    Error - 9/18/2012 8:47:32 PM | Computer Name = RCMSMYMADEE | Source = Service Control Manager | ID = 7000
    Description = The Microsoft Automated Troubleshooting Service service failed to
    start due to the following error: %%1053

    Error - 9/18/2012 8:47:33 PM | Computer Name = RCMSMYMADEE | Source = Service Control Manager | ID = 7034
    Description = The Google Update Service (gupdate) service terminated unexpectedly.
    It has done this 1 time(s).



    < End of report >

    Thanks for your help
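
An added example, not part of the original post and not OTL's own code: the event section above repeats the same entries under two headings and wraps each Description across lines, so this sketch parses the `Error - ... | ID = N` format, removes exact repeats, and names the Win32 error numbers behind the `%%3` and `%%1053` placeholders. The function names are hypothetical; the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the event section from the log above (one entry appears twice,
# as it does in the posted report).
SAMPLE = """\
Error - 9/18/2012 8:45:40 PM | Computer Name = RCMSMYMADEE | Source = Service Control Manager | ID = 7000
Description = The Apache2.2 service failed to start due to the following error:
%%3

Error - 9/18/2012 8:47:32 PM | Computer Name = RCMSMYMADEE | Source = Service Control Manager | ID = 7000
Description = The Microsoft Automated Troubleshooting Service service failed to
start due to the following error: %%1053

[ System Events ]
Error - 9/18/2012 8:45:40 PM | Computer Name = RCMSMYMADEE | Source = Service Control Manager | ID = 7000
Description = The Apache2.2 service failed to start due to the following error:
%%3
"""

HEADER = re.compile(r"^(\w+) - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)$")
# Win32 error numbers that the %N / %%N placeholders in this log stand for.
WIN32 = {3: "ERROR_PATH_NOT_FOUND", 1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}

def parse_events(text):
    """Turn each entry into a dict, joining wrapped Description lines."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            level, when, host, source, eid = m.groups()
            cur = {"level": level, "time": when, "host": host,
                   "source": source, "id": int(eid), "description": ""}
            events.append(cur)
        elif not line or line.startswith("["):
            cur = None  # a blank line or a section heading ends the entry
        elif cur is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            cur["description"] = (cur["description"] + " " + line).strip()
    return events

def dedupe(events):
    """Drop entries repeated verbatim across sections, keeping first-seen order."""
    seen, unique = set(), []
    for e in events:
        key = (e["time"], e["source"], e["id"], e["description"])
        if key not in seen:
            seen.add(key)
            unique.append(e)
    return unique

def decode_codes(description):
    """Name the Win32 error behind each %N or %%N placeholder."""
    return [WIN32.get(int(n), "unknown (%s)" % n) for n in re.findall(r"%{1,2}(\d+)", description)]
```

Error 3 is "path not found" and 1053 is a service start timeout, so the two 7000 entries in the excerpt describe different kinds of failure.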


  6. #6
    Junior Member
    Join Date
    Aug 2012
    Location
    Memphis, TN
    Posts
    28

    Default

    I received the following alert from WinPatrol:

    A new Startup Program has been detected.
    This program will run each time you login or restart your machine.

    Do you approve the addition of this program startup setting?
    Press Yes if this program is expected and accepted.

    AppInit_DLLs

    C:\WINDOWS\system32\guard32.dll

    It is not unusual to receive these types of alerts from WinPatrol, but I have been using Comodo for 2-3 yrs and cannot ever remember receiving an alert for a DLL for Comodo. The first time I saw this was after running those scans.

    I did change a setting to "Paranoid" for "Defense+Security Level" for the Firewall yesterday or day before yesterday.

    I run Comodo on all the machines that I support at home and for my mother. I have not made those changes on my mother's computer and have not seen this alert.

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    What you need to do is disable WinPatrol. You can right-click on it in the system tray to do that, and leave it disabled.


    COMODO Internet Security
    AVAST


    You also have two antivirus programs running. You need to uninstall one via Add/Remove Programs in the Control Panel. With AV, more is not better: just keep one, keep it updated, and run regular scans.



    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKU\S-1-5-21-3277439761-3802400216-3657561249-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118
      [2012/09/08 15:36:37 | 001,039,528 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120908-153927.backup
      [2012/08/22 18:59:37 | 001,039,402 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120908-153636.backup
      [2012/08/22 18:56:31 | 001,039,402 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120822-185937.backup
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Junior Member
    Join Date
    Aug 2012
    Location
    Memphis, TN
    Posts
    28

    Default

    Thanks Ken,

    I don't have two virus protections running. Comodo requires that you download both (firewall and virus protection) and then choose both or one or the other. Comodo is my firewall. I have used Comodo's virus protection in the past but I didn't care for it and went for Avast. That has been at least a year ago. Therefore, this would leave me without a firewall or use of the onerous Windows firewall that does not give me outbound protection.

    Any ideas before I delete Comodo?

    In addition, I am now getting the following pop-up box when Windows loads in my standard user account:

    "Found new hardware"

    "You must be a member of the Administrators group on this computer to install this hardware: PCMCIA UNKNOWN_MANUFACTURER"

    Gives two fields (boxes): One to choose Admin account and the other for my password.

  9. #9
    Junior Member
    Join Date
    Aug 2012
    Location
    Memphis, TN
    Posts
    28

    Default

    BTW, I have followed your directions by not installing or uninstalling any programs or devices. One other thing: my computer will not shut down properly unless I exit Copernic first. I like the program, but it seems like this is adding to the instability. Lastly, I have to boot twice, on average, in order for Windows to run properly. That is, shut the system down and reboot; today I had to hard boot. This happened after Copernic was installed. Like the program but will trash it in a heartbeat if this is the source of the issue(s).

    Thanks.


  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    If you have AV with Comodo, then keep it and uninstall Avast.

    Copernic <-- If it's giving you problems, then uninstall it. Not sure about the new hardware found message; it may be related to a USB drive.

    Go ahead and run the OTL fix because you have infected copies of the hosts file that we need to remove