
Solved Windows Calculator and Alt-Tab display keep popping up

Discussion in 'Malware and Virus Removal Archive' started by Frank D, 2010/07/30.

  1. 2010/07/30
    Frank D


    Note: I originally posted this in the Windows 7 forum. As instructed by admin Arie, I've moved it here. The contents of the requested DDS.txt file (see http://www.windowsbbs.com/windows-7...t-tab-display-keep-popping-up.html#post524145) are pasted below. The contents of the Attach.txt file will follow in my next post.

    I have a 2-week-old Win7 Home Premium 64-bit PC (see my system profile), and yesterday the Windows Calculator mini-app started popping up randomly at about 5- to 10-minute intervals as I was using the machine and browsing normally.

    I deleted the Calculator program from the HD and searched for and deleted all references to any calculator whatsoever, but it still keeps popping up, even though I close it every time. Sometimes two or three instances of it appear, stacked, and the Alt-Tab display appears, with each of the miniature windows (of currently open apps) being selected in rapid sequence, sometimes closing the open window. It's almost as if a keyboard macro is working in the background, running like a program. What triggers the sequence I don't know.

    Since day one I've had Avast! and Windows Defender running all the time in the background and I've run Windows Malicious Software Removal Tool and scans by Avast, SuperAntiSpyware and Malwarebytes' Antimalware. They all report that my PC is clean.

    Could this be a Windows 7 system anomaly, or is it possible I have a virus or a keyboard macro enabled without knowing it? Whatever it is, it's making my use of the computer very difficult with all the random interruptions and window switching.

    Help please? Thanks.

    Frank D

    ==========================

    DDS.txt

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Frank at 9:48:12.44 on Fri 07/30/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2240 [GMT -4:00]

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Process Lasso\ProcessLasso.exe
    C:\Program Files\Process Lasso\ProcessGovernor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Software Informer\softinfo.exe
    C:\Program Files (x86)\Gadwin PrintScreen\PrintScreen.exe
    C:\Program Files\Listary\Listary.exe
    C:\Program Files\Hidden Menu\HiddenMenu.exe
    C:\Program Files\Copy Handler\ch64.exe
    C:\Program Files (x86)\Dicter\DicterService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Listary\Listary32helper.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\TheSage\TheSage.exe
    C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\PopTray\PopTray.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Genie Timeline Free\GenieTimelineService.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Macrium Reflect\ReflectService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Genie Timeline Free\x86\WebServer\PHP\php-cgi.exe
    C:\Program Files\Genie Timeline Free\x86\WebServer\nginx\GSTimeLineSearch.exe
    C:\Program Files\Genie Timeline Free\x86\WebServer\nginx\GSTimeLineSearch.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Genie Timeline Free\GSTimeLineAgent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Hewlett-Packard\HP Setup\HPTCS.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\EditPadLite\EditPadLite.exe
    C:\Program Files (x86)\Artensoft Photo Mosaic Wizard\Artensoft Photo Mosaic Wizard.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Frank\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\syswow64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\adobe acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Software Informer] "c:\program files (x86)\software informer\softinfo.exe" -autorun
    uRun: [Gadwin PrintScreen] c:\program files (x86)\gadwin printscreen\PrintScreen.exe /nosplash
    uRun: [Listary] "c:\program files\listary\Listary.exe "
    uRun: [Hidden Menu] c:\program files\hidden menu\HiddenMenu.exe
    uRun: [Copy Handler] c:\program files\copy handler\ch64.exe
    uRun: [TheSage.exe] c:\program files (x86)\thesage\TheSage.exe
    uRun: [DriverMax]
    uRun: [DriverMax_RESTART]
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [SystemExplorer]
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [HPCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam "
    mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [HPUsageTracking] c:\program files (x86)\hp\hp ut\bin\hppusg.exe "c:\program files (x86)\hp\hp ut\ "
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe "
    mRun: [UnlockerAssistant] "c:\program files (x86)\unlocker\UnlockerAssistant.exe "
    mRun: [vspdfprsrv.exe] c:\program files (x86)\visagesoft\expert pdf 6\vspdfprsrv.exe --background
    mRun: [WinPatrol] c:\program files (x86)\billp studios\winpatrol\winpatrol.exe -expressboot
    StartupFolder: c:\users\frank\appdata\roaming\micros~1\windows\startm~1\programs\startup\poptray.lnk - c:\program files (x86)\poptray\PopTray.exe
    StartupFolder: c:\users\frank\appdata\roaming\micros~1\windows\startm~1\programs\startup\zvremote.lnk - c:\program files (x86)\zeevee\zvremote\ZvRemote.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\microt~1.lnk - c:\program files (x86)\microtek\scanwizard 5\ScannerFinder.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\~disab~1\acroba~1.lnk - c:\program files (x86)\adobe acrobat 6.0\distillr\acrotray.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\~disab~1\micros~2.lnk - c:\program files (x86)\ms office 95\office\FASTBOOT.EXE
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\~disab~1\micros~1.lnk - c:\program files (x86)\ms office xp\office10\OSA.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
    IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\msoffi~2\office10\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\frank\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\users\frank\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
    IE: Translate this web page with Babylon - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files (x86)\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files (x86)\belarc\advisor\system\BAVoilaX.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
    mRun-x64: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
    mRun-x64: [PC-Doctor for Windows localizer] c:\program files\pc-doctor for windows\localizer.exe
    mRun-x64: [Copy Handler]
    mRun-x64: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe
    mRun-x64: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\frank\appdata\roaming\mozilla\firefox\profiles\maz74s9a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/news?pz=1&ned=us&hl=en&zx=5ukkc7s79dj5&cf=all&q
    FF - component: c:\users\frank\appdata\roaming\mozilla\firefox\profiles\maz74s9a.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\frank\appdata\roaming\mozilla\firefox\profiles\maz74s9a.default\extensions\firedownload@mozilla.org\components\firedownload.dll
    FF - plugin: c:\program files (x86)\adobe acrobat 6.0\acrobat\browser\nppdf32.dll
    FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\program files\pdf-x viewer\pdf viewer\win32\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\program files\pdf-x viewer\pdf viewer\win32\npqtplugin.dll
    FF - plugin: c:\program files\pdf-x viewer\pdf viewer\win32\npqtplugin2.dll
    FF - plugin: c:\program files\pdf-x viewer\pdf viewer\win32\npqtplugin3.dll
    FF - plugin: c:\program files\pdf-x viewer\pdf viewer\win32\npqtplugin4.dll
    FF - plugin: c:\program files\pdf-x viewer\pdf viewer\win32\npqtplugin5.dll
    FF - plugin: c:\program files\pdf-x viewer\pdf viewer\win32\npqtplugin6.dll
    FF - plugin: c:\users\frank\appdata\local\huludesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: c:\users\frank\appdata\roaming\mozilla\firefox\profiles\maz74s9a.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2010-7-28 33800]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-16 121936]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2010-1-27 92160]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-27 203264]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-16 20048]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-16 61008]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-16 40384]
    R2 DicterUpdateService;Dicter Service;c:\program files (x86)\dicter\DicterService.exe [2010-7-18 468992]
    R2 GenieTimelineService;Genie Timeline Service;c:\program files\genie timeline free\GenieTimelineService.exe [2010-6-29 445056]
    R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium reflect\ReflectService.exe [2010-6-21 301024]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-7-18 14112]
    R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-16 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-16 40384]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-1-27 139616]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-1-27 239616]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-1-27 34872]
    R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 12288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-7-28 136176]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-9-17 23536]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-17 1255736]

    =============== Created Last 30 ================

    2010-07-30 13:20:28 0 d-----w- c:\program files (x86)\Artensoft Photo Mosaic Wizard
    2010-07-30 03:01:58 0 d-----w- c:\users\frank\appdata\roaming\Uniblue
    2010-07-30 01:56:50 0 d-----w- c:\program files (x86)\SpywareBlaster
    2010-07-30 01:44:14 0 d-----w- c:\program files (x86)\ESET
    2010-07-29 22:11:03 0 d-----w- c:\program files (x86)\Process Explorer
    2010-07-29 22:08:23 0 d-----w- c:\programdata\SystemExplorer
    2010-07-29 22:08:22 0 d-----w- c:\program files (x86)\System Explorer
    2010-07-29 21:46:35 0 d-----w- c:\users\frank\appdata\roaming\ProcessLasso
    2010-07-29 21:46:35 0 d-----w- c:\program files\Process Lasso
    2010-07-29 17:59:44 0 d-----w- c:\windows\syswow64\Genie Web Server
    2010-07-29 17:59:44 0 d-----w- c:\windows\system32\Genie-Soft
    2010-07-29 17:59:44 0 d-----w- c:\windows\system32\3?
    2010-07-29 17:59:44 0 d-----w- c:\windows\system32\?N
    2010-07-29 15:58:48 0 d-----w- c:\program files\USBDeview
    2010-07-29 14:50:31 0 d-----w- c:\programdata\!SASCORE
    2010-07-29 14:50:28 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-07-29 14:02:15 0 d-----w- c:\users\frank\appdata\roaming\Malwarebytes
    2010-07-29 14:02:07 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-29 14:02:07 0 d-----w- c:\programdata\Malwarebytes
    2010-07-29 14:02:07 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-07-29 13:19:37 0 d-----w- c:\programdata\Innovative Solutions
    2010-07-29 13:19:31 0 d-----w- c:\program files (x86)\DriverMax
    2010-07-29 13:06:00 526184 ----a-w- c:\windows\syswow64\XceedCry.dll
    2010-07-29 13:06:00 456536 ----a-w- c:\windows\syswow64\XCEEDZIP.DLL
    2010-07-29 13:06:00 110602 ----a-w- c:\windows\syswow64\xcdsfx32.bin
    2010-07-29 03:31:22 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
    2010-07-29 03:31:06 0 d-----w- c:\program files (x86)\Panda Security
    2010-07-29 02:24:40 0 d-----w- c:\users\frank\appdata\roaming\SUPERAntiSpyware.com
    2010-07-29 02:24:40 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-07-29 00:39:19 0 d-----w- c:\users\frank\appdata\roaming\TheSage
    2010-07-29 00:38:59 0 d-----w- c:\program files (x86)\TheSage
    2010-07-29 00:22:20 0 d-----w- c:\users\frank\appdata\roaming\Lingoes
    2010-07-29 00:22:12 0 d-----w- c:\programdata\Lingoes
    2010-07-28 19:54:40 0 d-----w- c:\users\frank\appdata\roaming\IObit
    2010-07-28 19:54:40 0 d-----w- c:\program files (x86)\Advanced SystemCare 3
    2010-07-28 19:45:38 0 d-----w- c:\program files (x86)\Stalled Printer Repair
    2010-07-28 15:39:24 0 d-----w- c:\users\frank\appdata\roaming\Genie-Soft
    2010-07-28 15:39:17 0 d-----w- c:\program files\Genie Timeline Free
    2010-07-28 15:07:42 0 d-----w- c:\program files (x86)\WinMerge
    2010-07-28 12:30:09 0 d-----w- c:\programdata\ScreenVCR
    2010-07-28 12:30:02 0 d-----w- c:\program files (x86)\TotalScreenRecorder_Gold
    2010-07-27 20:46:37 0 d-----w- c:\users\frank\appdata\roaming\EurekaLog
    2010-07-27 12:43:27 0 d-----w- c:\program files (x86)\ExifTool
    2010-07-27 12:24:38 182680 ----a-w- c:\windows\syswow64\cnvshell.dll
    2010-07-27 12:24:35 0 d-----w- c:\program files (x86)\ImageConverter Plus
    2010-07-26 20:26:49 0 d-----w- c:\program files (x86)\Ashampoo Photo Commander 7
    2010-07-26 15:02:19 0 d-----w- c:\users\frank\Rename Master
    2010-07-26 14:59:19 0 d-----w- c:\program files (x86)\Rename Master
    2010-07-26 14:50:24 0 d-----w- c:\program files (x86)\WildVoice Studio
    2010-07-26 14:49:30 0 d-----w- c:\windows\Downloaded Installations
    2010-07-26 12:56:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2010-07-25 03:58:10 0 d-----w- c:\users\frank\appdata\roaming\eXPert PDF 6
    2010-07-25 03:56:23 24064 ----a-w- c:\windows\system32\vsmon1.dll
    2010-07-25 03:56:05 0 d-----w- c:\programdata\Visage Software
    2010-07-25 03:56:05 0 d-----w- c:\programdata\eXPert PDF Jobs
    2010-07-25 03:56:05 0 d-----w- c:\programdata\eXPert PDF 6
    2010-07-25 03:56:05 0 d-----w- c:\program files (x86)\Visagesoft
    2010-07-25 03:01:49 0 d-----w- c:\programdata\Babylon
    2010-07-25 03:01:48 0 d-----w- c:\users\frank\appdata\roaming\Babylon
    2010-07-25 01:47:23 0 d-----w- c:\users\frank\appdata\roaming\AnvSoft
    2010-07-25 01:47:20 0 d-----w- c:\program files (x86)\AnvSoft Any Audio Converter
    2010-07-25 01:43:00 0 d--h--w- c:\program files (x86)\InstallJammer Registry
    2010-07-25 01:42:59 0 d-----w- c:\program files\GutenMark
    2010-07-25 01:42:51 0 d-----w- c:\program files (x86)\GutenMark
    2010-07-25 01:40:30 0 d-----w- c:\program files (x86)\Goodsol Solitaire 101
    2010-07-25 01:30:17 0 d-----w- c:\program files (x86)\Mp3TagToolsv12
    2010-07-24 20:33:53 0 d-----w- c:\program files (x86)\Karen's Power Tools
    2010-07-24 20:33:41 0 d-----w- c:\programdata\Karen's Power Tools
    2010-07-24 20:29:36 0 d-----w- c:\program files (x86)\Asterisk Key
    2010-07-24 16:46:14 0 d-----w- c:\users\frank\appdata\roaming\ZeeVee
    2010-07-24 16:45:52 0 d-----w- c:\program files (x86)\ZeeVee
    2010-07-24 16:22:58 153600 ----a-w- c:\windows\syswow64\AI_ContextMenu.dll
    2010-07-24 16:22:54 892928 ----a-w- c:\windows\syswow64\iconv.dll
    2010-07-24 16:22:54 675840 ----a-w- c:\windows\syswow64\ac3filter.ax
    2010-07-24 16:22:54 496640 ----a-w- c:\windows\syswow64\xvid.ax
    2010-07-24 16:22:52 0 d-----w- c:\program files (x86)\Aimersoft Video Converter Std
    2010-07-24 03:28:01 524288 --sha-w- c:\users\frank\ntuser.dat{f38bc705-96d0-11df-8021-c80aa928c58a}.TMContainer00000000000000000002.regtrans-ms
    2010-07-24 03:28:00 65536 --sha-w- c:\users\frank\ntuser.dat{f38bc705-96d0-11df-8021-c80aa928c58a}.TM.blf
    2010-07-24 03:28:00 524288 --sha-w- c:\users\frank\ntuser.dat{f38bc705-96d0-11df-8021-c80aa928c58a}.TMContainer00000000000000000001.regtrans-ms
    2010-07-24 02:00:09 65536 --sha-w- c:\users\frank\ntuser.dat{88f7bcd8-9693-11df-a925-c80aa928c58a}.TM.blf
    2010-07-24 02:00:09 524288 --sha-w- c:\users\frank\ntuser.dat{88f7bcd8-9693-11df-a925-c80aa928c58a}.TMContainer00000000000000000002.regtrans-ms
    2010-07-24 02:00:09 524288 --sha-w- c:\users\frank\ntuser.dat{88f7bcd8-9693-11df-a925-c80aa928c58a}.TMContainer00000000000000000001.regtrans-ms
    2010-07-24 01:16:00 0 d-sh--w- c:\users\frank\IETldCache
    2010-07-23 13:58:24 0 d-----w- c:\programdata\Nero
    2010-07-23 13:56:53 0 d-----w- c:\program files (x86)\Ask.com
    2010-07-22 16:20:45 0 d-----w- c:\program files (x86)\Process Hacker
    2010-07-22 16:18:12 0 d-----w- c:\users\frank\appdata\roaming\Process Hacker 2
    2010-07-22 15:26:10 0 d-----w- c:\programdata\Macrium
    2010-07-22 15:24:01 0 d-----w- c:\program files\Macrium Reflect
    2010-07-22 14:59:02 0 d-----w- c:\program files (x86)\MozBackup
    2010-07-22 01:12:46 0 d-----w- c:\users\frank\appdata\roaming\DVDVideoSoftIEHelpers
    2010-07-22 01:11:34 0 d-----w- c:\program files (x86)\DVDVideoSoft Free Studio
    2010-07-22 00:57:40 0 d-----w- c:\program files (x86)\Gyazo
    2010-07-21 23:05:37 0 d-----w- c:\program files\Unlocker
    2010-07-21 20:13:42 0 d-----w- c:\program files (x86)\Unlocker
    2010-07-21 19:58:41 0 d-----w- c:\program files (x86)\Lame for Audacity
    2010-07-21 19:22:51 0 d-----w- c:\program files (x86)\cdTree
    2010-07-21 18:20:54 0 d-----w- c:\program files (x86)\ConvertLIT GUI
    2010-07-21 17:54:44 0 d-----w- c:\program files (x86)\CD-R Label
    2010-07-21 17:52:51 57 ----a-w- c:\windows\cdrLabel.ini
    2010-07-21 17:44:57 0 d-----w- c:\program files (x86)\AutoHotkey
    2010-07-21 15:51:59 98304 ----a-w- c:\windows\syswow64\unzip.dll
    2010-07-21 15:51:59 94208 ----a-w- c:\windows\syswow64\vbpng.dll
    2010-07-21 15:51:59 72192 ----a-w- c:\windows\syswow64\zlib.dll
    2010-07-21 15:51:59 454656 ----a-w- c:\windows\syswow64\PaintX.dll
    2010-07-21 15:51:59 157696 ----a-w- c:\windows\syswow64\unrar.dll
    2010-07-21 15:51:59 119568 ----a-w- c:\windows\syswow64\VB6FR.DLL
    2010-07-21 15:51:58 252240 ----a-w- c:\windows\syswow64\MSDATLST.OCX
    2010-07-21 15:51:58 136008 ----a-w- c:\windows\syswow64\MSINET.OCX
    2010-07-21 15:51:58 127808 ----a-w- c:\windows\syswow64\MSWINSCK.OCX
    2010-07-21 15:51:58 0 d-----w- c:\program files (x86)\Gentibus CD
    2010-07-21 15:30:11 0 d-----w- c:\program files (x86)\AllChars
    2010-07-21 15:16:29 0 d-----w- c:\program files (x86)\ABC Amber LIT Converter
    2010-07-21 15:09:15 0 d-----w- c:\users\frank\appdata\roaming\abelhadigital.com
    2010-07-21 15:09:15 0 d-----w- c:\programdata\abelhadigital.com
    2010-07-21 15:09:13 0 d-----w- c:\program files (x86)\HostsMan
    2010-07-21 14:17:24 0 d-----w- c:\users\frank\appdata\roaming\SecurityHeroes
    2010-07-21 01:20:47 0 d-----w- c:\program files\Hidden Menu
    2010-07-20 21:23:01 35 ----a-w- c:\windows\Ulead32.INI
    2010-07-20 21:04:44 0 d-----w- C:\ScanWizard 5 v6.32
    2010-07-20 20:35:18 0 d-----w- C:\OCR Eng v4.00.20
    2010-07-20 20:32:36 0 d-----w- C:\Kpcms
    2010-07-20 20:32:35 15396 ----a-w- c:\windows\syswow64\Msmusd5.dll
    2010-07-20 20:32:35 13962 ----a-w- c:\windows\syswow64\Msmusd6.dll
    2010-07-20 20:32:35 12499 ----a-w- c:\windows\syswow64\Msmusd7.dll
    2010-07-20 20:32:16 0 d-----w- c:\program files (x86)\Microtek
    2010-07-20 20:31:52 0 d-----w- c:\program files (x86)\ScanWizard 5.6.63
    2010-07-20 20:01:24 0 d-----w- c:\users\frank\appdata\roaming\WinPatrol
    2010-07-20 20:01:21 0 d-----w- c:\program files (x86)\BillP Studios
    2010-07-20 19:59:40 0 d-----w- c:\programdata\Listary
    2010-07-20 19:59:32 0 d-----w- c:\program files\Listary
    2010-07-20 19:43:25 0 d-----w- C:\junk
    2010-07-20 15:31:09 0 d-----w- c:\program files\factormystic.net
    2010-07-20 14:47:52 0 d-----w- c:\users\frank\appdata\roaming\KO Approach Items
    2010-07-20 14:39:17 0 d-----w- c:\program files\FolderSize
    2010-07-20 13:49:46 0 d-----w- c:\program files\Copy Handler
    2010-07-20 12:00:26 0 d-----w- c:\programdata\Sun
    2010-07-20 12:00:05 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-07-20 12:00:05 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-07-20 12:00:05 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-07-20 12:00:05 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-07-20 02:08:22 0 d-----w- c:\program files (x86)\SnowFox Total Video Converter
    2010-07-19 19:16:43 0 d-----w- c:\program files\FreeLaunchBar
    2010-07-19 14:10:10 0 d-----w- c:\users\frank\appdata\roaming\HP Support Assistant
    2010-07-19 14:10:04 0 d-----w- c:\users\frank\appdata\roaming\HpUpdate
    2010-07-19 02:34:31 0 d-----w- c:\users\frank\appdata\roaming\JGsoft
    2010-07-19 02:33:12 0 d-----w- c:\program files (x86)\CD Design Creator
    2010-07-19 01:19:50 132 ----a-w- C:\StopPrint.bat
    2010-07-19 01:07:35 0 d-----w- c:\program files (x86)\FreeLaunchBar
    2010-07-19 00:43:45 656 ---ha-w- c:\users\frank\tlbdata.xml
    2010-07-18 23:50:16 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
    2010-07-18 23:50:11 0 d-----w- c:\windows\syswow64\IOSUBSYS
    2010-07-18 23:10:48 0 d-----w- c:\users\frank\appdata\roaming\IrfanView
    2010-07-18 23:10:47 0 d-----w- c:\program files (x86)\IrfanView
    2010-07-18 23:06:15 0 d-----w- c:\program files (x86)\Gadwin PrintScreen
    2010-07-18 22:33:47 0 d-----w- c:\programdata\Apple Computer
    2010-07-18 22:33:44 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
    2010-07-18 22:33:44 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
    2010-07-18 22:33:43 180224 ----a-w- c:\windows\syswow64\QTCF.dll
    2010-07-18 22:33:39 0 d-----w- c:\program files (x86)\QuickTime Alternative
    2010-07-18 22:21:51 0 d-----w- c:\program files (x86)\Google Picasa3
    2010-07-18 22:21:16 8 --sh--r- c:\programdata\7C18212ACF.sys
    2010-07-18 22:21:15 2828 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-07-18 22:17:07 40 ---ha-w- c:\windows\system32\ivireg.ivr
    2010-07-18 22:17:07 14112 ----a-w- c:\windows\system32\drivers\regi.sys
    2010-07-18 22:16:03 0 d-----w- c:\program files (x86)\common files\Protexis
    2010-07-18 22:15:01 0 d-----w- c:\programdata\Corel
    2010-07-18 22:15:01 0 d-----w- c:\program files (x86)\Corel WinDVD 2010
    2010-07-18 22:12:51 2332368 ----a-w- c:\windows\syswow64\d3dx9_29.dll
    2010-07-18 22:10:26 210200 ----a-w- c:\windows\syswow64\TWNPRO3.DLL
    2010-07-18 22:10:26 122880 ----a-w- c:\windows\syswow64\TWNLIB3.DLL
    2010-07-18 22:10:26 0 d-----w- c:\program files (x86)\Photocopier
    2010-07-18 22:10:01 0 d-----w- c:\program files (x86)\Free PDF to Word Doc Converter
    2010-07-18 22:02:39 0 d-----w- c:\programdata\Pianosoft
    2010-07-18 22:02:39 0 d-----w- c:\program files (x86)\Free MP3 Converter
    2010-07-18 22:00:38 0 d-----w- c:\program files (x86)\MP3 Converter
    2010-07-18 21:13:21 0 d-----w- c:\users\frank\appdata\roaming\MakeitOne
    2010-07-18 21:13:14 0 d-----w- c:\program files (x86)\MakeitOne MP3AlbumMaker
    2010-07-18 21:09:30 0 d-----w- c:\program files (x86)\Inpaint
    2010-07-18 21:06:39 0 d-----w- c:\program files (x86)\FFmpeg for Audacity
    2010-07-18 21:00:14 0 d-----w- c:\program files (x86)\Do It Again
    2010-07-18 20:52:36 0 d-----w- c:\programdata\TreeCardGames
    2010-07-18 20:52:27 0 d-----w- c:\users\frank\appdata\roaming\TreeCardGames
    2010-07-18 20:52:22 0 d-----w- c:\program files (x86)\123 Free Solitaire
    2010-07-18 20:32:16 0 d-----w- c:\windows\AllMedia Grabber
    2010-07-18 20:32:16 0 d-----w- c:\program files (x86)\AllMedia Grabber
    2010-07-18 20:27:04 0 d-----w- c:\program files\UPHClean
    2010-07-18 20:22:07 0 d-----w- c:\users\frank\appdata\roaming\TeraCopy
    2010-07-18 20:22:04 0 d-----w- c:\program files (x86)\TeraCopy
    2010-07-18 20:17:22 0 d-----w- c:\users\frank\appdata\roaming\TeamViewer
    2010-07-18 20:17:17 0 d-----w- c:\program files (x86)\TeamViewer
    2010-07-18 20:15:45 0 d-----w- c:\program files (x86)\SIW
    2010-07-18 20:14:48 0 d-----w- c:\program files\Recuva
    2010-07-18 20:13:24 57436 ----a-w- c:\windows\DASShp.dll
    2010-07-18 20:13:24 0 d-----w- c:\program files (x86)\Microsoft Reader
    2010-07-18 20:06:12 0 d-----w- c:\program files (x86)\MPlayer for Windows
    2010-07-18 19:58:48 0 d-----w- c:\users\frank\appdata\roaming\Mp3tag
    2010-07-18 19:58:39 0 d-----w- c:\program files (x86)\Mp3tag
    2010-07-18 19:49:34 0 d-----w- c:\program files (x86)\MediaMonkey
    2010-07-18 19:43:34 0 d-----w- c:\program files (x86)\common files\DVDVideoSoft
    2010-07-18 19:43:33 0 d-----w- c:\program files (x86)\Free YouTube to MP3 Converter
    2010-07-18 19:38:36 0 d-----w- c:\program files (x86)\FolderSize
    2010-07-18 19:37:43 68232 ----a-w- c:\windows\UnDeployV.exe
    2010-07-18 19:37:43 0 d-----w- c:\program files (x86)\EditPadLite
    2010-07-18 19:22:25 0 d-----w- c:\program files (x86)\Belarc
    2010-07-18 19:11:54 0 d-----w- c:\program files (x86)\Resize Enable Runner
    2010-07-18 19:08:34 0 d-----w- c:\users\frank\appdata\roaming\Bullzip
    2010-07-18 19:03:59 227840 ----a-w- c:\windows\syswow64\bzFlRdr.dll
    2010-07-18 19:03:59 126976 ----a-w- c:\windows\syswow64\bzpdfc.dll
    2010-07-18 19:03:59 103424 ----a-w- c:\windows\syswow64\bzDCT.dll
    2010-07-18 19:03:56 212480 ----a-w- c:\windows\system32\bzpdf.dll
    2010-07-18 19:03:53 0 d-----w- c:\program files\Bullzip PDF Printer
    2010-07-18 18:59:48 0 d-----w- c:\program files (x86)\ABBYY FineReader 6.0 Sprint
    2010-07-18 18:53:30 0 d-----w- c:\programdata\Adobe
    2010-07-18 18:29:29 0 d-----w- c:\program files\PDF-X Viewer
    2010-07-18 17:09:04 0 d-----w- c:\windows\syswow64\spool
    2010-07-18 17:07:46 0 d-----w- c:\program files (x86)\Adobe Acrobat 6.0
    2010-07-18 16:53:28 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-07-18 16:48:33 0 d-----w- c:\program files (x86)\Microsoft ActiveSync
    2010-07-18 16:47:41 0 d-----w- c:\program files (x86)\MS Office XP
    2010-07-18 16:37:29 0 d-----w- c:\program files (x86)\MS Office 95
    2010-07-18 16:31:50 1103 ----a-w- c:\windows\ODBCINST.INI
    2010-07-18 14:59:55 0 d-----w- c:\programdata\NCH Software
    2010-07-18 14:59:44 0 d-----w- c:\program files (x86)\NCH Software
    2010-07-18 13:19:50 0 d-----w- c:\users\frank\appdata\roaming\Ashampoo
    2010-07-18 13:19:44 0 d-----w- c:\programdata\ashampoo
    2010-07-18 13:19:39 0 d-----w- c:\program files (x86)\Ashampoo
    2010-07-18 12:38:18 0 d-----w- c:\program files (x86)\FotoSketcher
    2010-07-18 12:30:29 0 d-----w- c:\program files (x86)\Dicter
    2010-07-18 02:57:59 0 d-----w- c:\users\frank\appdata\roaming\Digiarty
    2010-07-18 02:57:50 0 d-----w- c:\program files (x86)\Digiarty WinX_DVD_Ripper_Platinum
    2010-07-18 01:19:03 0 d-----w- c:\programdata\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
    2010-07-18 01:18:39 0 d-----w- c:\users\frank\appdata\roaming\hpqLog
    2010-07-18 01:18:00 0 d-----w- c:\users\frank\appdata\roaming\WinBatch
    2010-07-18 01:03:35 0 d-----w- c:\users\frank\appdata\roaming\Software Informer
    2010-07-18 01:03:35 0 d-----w- c:\program files (x86)\Software Informer
    2010-07-17 23:57:06 0 d-----w- c:\users\frank\appdata\roaming\SupportSoft
    2010-07-17 23:54:11 0 d-----w- c:\program files (x86)\common files\supportsoft
    2010-07-17 23:20:59 0 d-----w- c:\program files (x86)\Audacity
    2010-07-17 23:14:24 0 d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
    2010-07-17 20:39:43 0 d-----w- c:\programdata\HP
    2010-07-17 20:36:12 0 d-----w- c:\windows\syswow64\Wat
    2010-07-17 20:36:12 0 d-----w- c:\windows\system32\Wat
    2010-07-17 20:08:17 0 d-----w- c:\program files (x86)\MSXML 4.0
    2010-07-17 20:05:29 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
    2010-07-17 20:05:29 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
    2010-07-17 20:05:29 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-07-17 20:05:29 297808 ----a-w- c:\windows\syswow64\mscoree.dll
    2010-07-17 20:05:29 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
    2010-07-17 20:05:29 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
    2010-07-17 20:05:29 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-07-17 20:05:28 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2010-07-17 20:05:28 444752 ----a-w- c:\windows\system32\mscoree.dll
    2010-07-17 20:05:28 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2010-07-17 19:40:39 0 d-----w- c:\program files (x86)\Revo Uninstaller
    2010-07-17 19:30:07 0 d-----w- c:\programdata\HPSSUPPLY
    2010-07-17 19:29:44 0 d-----w- c:\program files\Avago-HP
    2010-07-17 19:29:18 64512 ----a-w- c:\windows\system32\HPPLVS.dll
    2010-07-17 19:29:16 398336 ----a-w- c:\windows\system32\HP1006LM.DLL
    2010-07-17 19:28:50 0 d--h--w- c:\program files (x86)\Avago-HP
    2010-07-17 19:27:41 0 d-----w- C:\hp_P1000_P1500_Full_Solution
    2010-07-17 16:59:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2010-07-17 13:53:47 0 d-----w- c:\program files (x86)\PopTray
    2010-07-17 13:15:44 2870272 ----a-w- c:\windows\explorer.exe
    2010-07-17 13:14:58 84480 ----a-w- c:\windows\syswow64\mciavi32.dll
    2010-07-17 01:27:40 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-07-17 01:27:40 0 ----a-w- c:\windows\syswow64\config.nt
    2010-07-17 01:27:25 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-17 01:27:25 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
    2010-07-17 01:27:21 0 d-----w- c:\programdata\Alwil Software
    2010-07-17 01:27:21 0 d-----w- c:\program files\Alwil Software
    2010-07-16 19:44:19 0 d-----w- c:\users\frank\appdata\roaming\PictureMover
    2010-07-16 19:42:41 270208 ------w- c:\windows\system32\MpSigStub.exe
    2010-07-16 19:33:11 220672 ----a-w- c:\windows\system32\wintrust.dll
    2010-07-16 19:33:11 172032 ----a-w- c:\windows\syswow64\wintrust.dll
    2010-07-16 19:33:10 139264 ----a-w- c:\windows\system32\cabview.dll
    2010-07-16 19:33:10 132608 ----a-w- c:\windows\syswow64\cabview.dll
    2010-07-16 19:32:01 1652 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_AY587AA-ABA MS225_YC_0Pavi_Q4CS011_EA1NAv6PrA2_49_ICapirona_SHP_V_BV5.13_T091126_WUH0_L409_M3839_J320_7AMD_8Athlon II X2 250_91.6_#_N10EC8136_Z_G10029612_Ohp CDDVDW TS-L633N SATA CdRom Device_DHWP4105.MRK

    ==================== Find3M ====================

    2010-06-21 16:13:50 39904 ----a-w- c:\windows\system32\drivers\psmounter.sys
    2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
    2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
    2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
    2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-05-19 19:48:12 144384 ----a-w- c:\windows\system32\cdd.dll
    2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
    2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
    2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 9:49:47.71 ===============
     
  2. 2010/07/30
    Frank D Inactive Thread Starter
    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/16/2010 3:31:32 PM
    System Uptime: 7/29/2010 11:53:30 PM (10 hours ago)

    Motherboard: Hewlett-Packard | | Capirona
    Processor: AMD Athlon(tm) II X2 250 | Socket S1G2 | 1600/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 235.043 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.523 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP73: 7/26/2010 10:49:55 AM - Installed WildVoice Studio 1.0.
    RP74: 7/26/2010 2:38:24 PM - Windows Update
    RP75: 7/26/2010 2:39:03 PM - Windows Update
    RP76: 7/26/2010 9:26:27 PM - Nightly restore point
    RP77: 7/27/2010 7:33:18 PM - Installed Windows Media Player Firefox Plugin
    RP78: 7/27/2010 9:22:49 PM - Nightly restore point
    RP79: 7/28/2010 11:39:56 AM - Installed Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    RP80: 7/28/2010 11:40:31 AM - Installed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    RP81: 7/28/2010 3:55:14 PM - Advanced SystemCare RestorePoint
    RP82: 7/28/2010 7:28:53 PM - Revo Uninstaller's restore point - Babylon
    RP83: 7/28/2010 7:30:06 PM - Revo Uninstaller's restore point - Free Audio CD Burner version 1.4
    RP84: 7/28/2010 7:30:49 PM - Revo Uninstaller's restore point - Uninstall 1.0.0.1
    RP85: 7/28/2010 8:11:12 PM - Revo Uninstaller's restore point - Click Translator 3.2
    RP86: 7/28/2010 8:46:55 PM - Revo Uninstaller's restore point - Lingoes 2.7.0
    RP87: 7/28/2010 11:54:26 PM - Nightly restore point
    RP88: 7/29/2010 9:18:05 AM - Revo Uninstaller's restore point - Driver Magician 3.5
    RP89: 7/29/2010 10:52:20 PM - Nightly restore point
    RP90: 7/29/2010 11:04:37 PM - Revo Uninstaller's restore point - Uniblue RegistryBooster

    ==== Installed Programs ======================

    123 Free Solitaire 2009 v7.0
    ABBYY FineReader 6.0 Sprint
    ABBYY FineReader OCR Engine for Microtek
    ABC Amber LIT Converter
    ActiveCheck component for HP Active Support Library
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0.1 Professional
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Acrobat and Reader 6.0.6 Update
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Advanced SystemCare 3
    Aimersoft Video Converter Std(Build 4.0.0.0)
    AMD USB Filter Driver
    Any Audio Converter 3.0.6
    AnyBizSoft PDF to Word (Build 2.5.3)
    Artensoft Photo Mosaic Wizard
    Ashampoo Burning Studio 6 FREE
    Ashampoo Photo Commander 7.40
    Asterisk Key 10.0
    Audacity 1.3.12 (Unicode)
    avast! Free Antivirus
    Belarc Advisor 8.1
    Burlington's CD Design Creator
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    cdTree 3 Standard Edition 3.1.4 Std
    Compatibility Pack for the 2007 Office system
    ConvertLIT Graphical User Interface 2.0
    Corel WinDVD 2010
    CyberLink DVD Suite Deluxe
    DICTER 3.05
    DirectX for Managed Code Update (Summer 2004)
    Disketch CD Label Software
    Do It Again
    DriverMax 5
    DVD Menu Pack for HP MediaSmart Video
    ERUNT 1.1j
    ESET Online Scanner v3
    eXPert PDF 6
    FFmpeg 2009-01-08 for Audacity
    FFmpeg for Audacity on Windows
    Folder Size for Windows
    FotoSketcher 1.97
    Free PDF to Word Doc Converter v1.1
    Free Studio version 4.8
    Free YouTube to MP3 Converter version 3.7
    Gadwin PrintScreen
    Genie Timeline Free 2.1
    Gentibus CD 1.49
    Goodsol Solitaire 101 Version 2.01
    Google Earth
    Google Update Helper
    GPL Ghostscript Lite 8.70
    Gyazo 0.2
    HostsMan 3.2.73
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP LaserJet P1000 series
    HP MediaSmart Demo
    HP MediaSmart Music/Photo/Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HPAsset component for HP Active Support Library
    hppMSRedist
    hppusgP1000
    HPSSupply
    Hulu Desktop
    ImageConverter Plus 8.0
    Inpaint 2.3
    Internet TV for Windows Media Center
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    Just Great Software EditPad Lite 6.5.2
    Karen's Directory Printer
    LabelPrint
    LADSPA_plugins-win-0.4.15
    LAME v3.98.2 for Audacity
    LightScribe System Software
    MakeitOne - MP3AlbumMaker
    Malwarebytes' Anti-Malware
    MarketResearch
    MediaMonkey 3.2
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional
    Microsoft Office XP Professional
    Microsoft Reader
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Movie Theme Pack for HP MediaSmart Video
    MozBackup 1.4.10
    Mozilla Firefox (3.6.8)
    Mozilla Thunderbird (3.1.1)
    MP3 Converter V4.7.0
    Mp3 Tag Tools v1.2
    Mp3tag v2.46a
    MPlayer for Windows (Full Package)
    MrvlUsgTracking
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Panda ActiveScan 2.0
    Photocopier 3.05
    Picasa 3
    PictureMover
    PopTray 3.20
    Power2Go
    PowerDirector
    Process Lasso
    Project Gutenberg Prettifier
    QuickTime Alternative 3.2.2
    Realtek High Definition Audio Driver
    Recovery Manager
    Rename Master
    Revo Uninstaller 1.89
    ScanWizard 5
    SIW version 2009-09-09
    SnowFox Total Video Converter 2.1.1.0
    Software Informer 1.0 BETA
    SpywareBlaster 4.3
    Stalled Printer Repair 1.2
    System Explorer 2.2.5
    TeamViewer 5
    TeraCopy 1.22
    TheSage
    Total Screen Recorder Gold 1.5
    TWC Customer Controls
    WildVoice Studio 1.0
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Center Add-in for Silverlight
    Windows Media Player Firefox Plugin
    WinMerge 2.12.4
    WinPatrol
    WinX DVD Ripper Platinum 5.15.3
    Zinc
    ZvRemote

    ==== Event Viewer Messages From Past Week ========

    7/30/2010 12:02:52 AM, Error: atikmdag [43029] - Display is not active
    7/30/2010 12:02:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    7/29/2010 9:00:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    7/29/2010 11:33:31 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    7/28/2010 7:17:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    7/28/2010 7:16:05 PM, Error: amdsata [11] - The driver detected a controller error on \Device\RaidPort0.
    7/28/2010 11:34:38 PM, Error: Service Control Manager [7000] - The RkPavproc1 service failed to start due to the following error: This driver has been blocked from loading
    7/28/2010 11:34:38 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/28/2010 10:34:35 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "740" Happened while starting this command: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" -Embedding
    7/26/2010 9:00:11 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.
    7/26/2010 8:14:48 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    7/26/2010 2:39:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: WayTech - Input - Office Keyboard.
    7/23/2010 11:32:20 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
    7/23/2010 11:20:05 PM, Error: Service Control Manager [7000] - The TrustedInstaller service failed to start due to the following error: The system cannot find the file specified.
    7/23/2010 11:20:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service TrustedInstaller with arguments " " in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    7/23/2010 11:09:26 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The system cannot find the file specified.
    7/23/2010 11:07:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service TrustedInstaller with arguments " " in order to run the server: {3C6859CE-230B-48A4-BE6C-932C0C202048}

    ==== End Of File ===========================
     

  4. 2010/07/30
    Frank D Inactive Thread Starter
    New info:
    A half-hour ago, about two hours after startup, the original problem started popping up again. Even though yesterday I renamed Calc.exe to Calc.ex_, when I checked C:\windows\system32 a few minutes ago there was a new version of Calc.exe. This time I deleted both files. Let's see if it will / how long it will take to generate a new copy.
     
    Last edited: 2010/07/30
  5. 2010/07/30
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Yes, you can delete it all you want; Windows will copy it back from the DLL cache, as it is a protected file.
     
  6. 2010/07/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Malwarebytes' Anti-Malware (aka MBAM): http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):

    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.

      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    =============================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  7. 2010/07/30
    Frank D

    Sorry, I posted this before I saw the previous two admin messages. I'm working on broni's procedure right now.

    Update:
    The Calculator no longer appears (for the present), but the Alt-Tab merry-go-round continues, now about every 2-3 minutes. It switches randomly among open application windows, so I never know when I'll be interrupted doing something, then have to find the window I was working in and reorient myself.

    I stopped and disabled the DWM service. Let's see what good that does.
     
    Last edited: 2010/07/30
  8. 2010/07/30
    Frank D

    Here's the Malwarebytes log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4371

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    7/30/2010 2:43:51 PM
    mbam-log-2010-07-30 (14-43-51).txt

    Scan type: Quick scan
    Objects scanned: 136786
    Time elapsed: 6 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  9. 2010/07/30
    Frank D

    Here is the Super AntiSpyware log:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/30/2010 at 04:45 PM

    Application Version : 4.41.1000

    Core Rules Database Version : 5291
    Trace Rules Database Version: 3103

    Scan type : Complete Scan
    Total Scan Time : 01:47:33

    Memory items scanned : 391
    Memory threats detected : 0
    Registry items scanned : 13282
    Registry threats detected : 0
    File items scanned : 229023
    File threats detected : 16

    Adware.Tracking Cookie
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@atdmt[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@doubleclick[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@imrworldwide[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@msnportal.112.2o7[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ad.wsod[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@atdmt[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@doubleclick[2].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@landing.hitfarm[1].txt
    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@msnportal.112.2o7[1].txt
    .atdmt.com [ C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\maz74s9a.Default\cookies.sqlite ]
    .atdmt.com [ C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\maz74s9a.Default\cookies.sqlite ]
    .2o7.net [ C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\maz74s9a.Default\cookies.sqlite ]
    adserver.pctools.com [ C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\maz74s9a.Default\cookies.sqlite ]
    .2o7.net [ C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\maz74s9a.Default\cookies.sqlite ]
    .2o7.net [ C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\maz74s9a.Default\cookies.sqlite ]
    .2o7.net [ C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\maz74s9a.Default\cookies.sqlite ]
     
  10. 2010/07/30
    Frank D

    Here is the MBRCheck text:

    MBRCheck, version 1.1.1
    (c) 2010, AD

    \\.\C: --> \\.\PhysicalDrive0
    \\.\D: --> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Error reading raw MBR!

    Done! Press ENTER to exit...
     
  11. 2010/07/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116

    Rerun MBRCheck.
    Enter 'Y' and hit ENTER for more options and select option "2".
    When asked for physical disk number, enter 0 (zero).
    Next, enter 5 (Windows 7) for MBR code.
    Post resulting log.
     
  12. 2010/07/30
    Frank D

    Update:
    Well, as I said before the Calculator isn't appearing, but the Alt-Tab stuff still pops up every 2-3 minutes, as before, even though the DWM service is still disabled.
     
  13. 2010/07/30
    Frank D

    Sorry, but I saw your cautionary message about not running or changing anything after I posted my previous message.

    Here's a problem: If I follow your instructions, the program runs without any options. So I can't enter 'Y' or anything else. Is there a way around this?

    Frank
     
    Last edited: 2010/07/30
  14. 2010/07/30
    Frank D

    Update:
    My computer is difficult to use now, with the Alt-Tab thing popping up every 30 seconds to 2 minutes. It's like a one-armed bandit - you don't know when or where the "wheels" are going to stop.
     
  15. 2010/07/30
    broni

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.
    At first screen click on Repair your computer:
    This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
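
An added example, not part of the post above and not MBRCheck's own code: a minimal offline check of sector 0, of the kind that could be run against a raw disk image after a boot-sector repair. The sample sector, the finding strings and the baseline set are constructed for illustration; a real baseline would hold hashes of boot code taken from known-good media.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code area of a classic MBR
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # bytes at offsets 510-511
ENTRY_FMT = "<B3xB3xII"    # status, CHS(skipped), type, CHS(skipped), LBA start, sector count


class MbrReadError(Exception):
    """A full 512-byte sector could not be obtained."""


def read_sector0(path):
    """Read the first sector of a raw disk image (or a raw device path)."""
    with open(path, "rb") as fh:
        data = fh.read(SECTOR_SIZE)
    if len(data) != SECTOR_SIZE:
        raise MbrReadError(f"short read: {len(data)} of {SECTOR_SIZE} bytes")
    return data


def parse_mbr(sector):
    """Split a sector into signature state, boot-code hash and used partition slots."""
    if len(sector) != SECTOR_SIZE:
        raise MbrReadError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        if sector[off:off + 16] == bytes(16):
            continue  # unused slot
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, off)
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def assess(sector, known_good_hashes):
    """Return a list of findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code hash not in baseline")
    bad = [p["slot"] for p in info["partitions"] if p["status"] not in (0x00, 0x80)]
    if bad:
        findings.append(f"invalid status byte in slot(s) {bad}")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    return findings


def build_sample_mbr(boot_code=b"\xeb\x3c\x90CONSTRUCTED-BOOT-CODE"):
    """Constructed 512-byte sector for the demo; not real Windows boot code."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<IH", 0x12345678, 0)   # disk signature + reserved
    table = (struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 603_000_000)        # active NTFS
             + struct.pack(ENTRY_FMT, 0x00, 0x07, 603_002_048, 21_800_000)  # second NTFS
             + bytes(32))                                                   # two unused slots
    return code + disk_sig + table + SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = {parse_mbr(clean)["boot_code_sha256"]}   # placeholder baseline
    tampered = build_sample_mbr(boot_code=b"\xeb\x3c\x90TAMPERED")
    for name, sector in (("clean", clean), ("tampered", tampered)):
        print(name, assess(sector, baseline) or "no findings")
    try:
        parse_mbr(clean[:100])   # a failed or partial read of sector 0
    except MbrReadError as exc:
        print("read error:", exc)
```

A read failure is reported separately from a bad sector, so an unreadable sector 0 is never mistaken for a clean or a modified one.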
     
  16. 2010/07/30
    Frank D

    broni, I followed your script above. I saw all the things referenced in it, and I typed bootrec /FixMbr at the prompt and pressed Enter, and was told that it was successful, but after rebooting I see that the MBRCheck results did not change:

    MBRCheck, version 1.1.1
    (c) 2010, AD

    \\.\C: --> \\.\PhysicalDrive0
    \\.\D: --> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Error reading raw MBR!

    Done! Press ENTER to exit...

    So far, after ~15 minutes now, the Alt-Tab display hasn't popped up. Maybe something worked?
     
  17. 2010/07/30
    broni

    Very possible.
    Do you use RAID?
     
  18. 2010/07/30
    Frank D

    No, I'm a very basic user. Nothing fancy. This machine (HP MS225) is straight out of the box and I haven't changed anything but add software and what I've described in this thread. It's got a single hard drive (C) with a recovery partition (D).

    (I have to omit the : after C and D, otherwise they appear as smilies.)

    Well another 10 minutes or so with no Alt-Tab display. (Pant, pant!)
     
  19. 2010/07/30
    broni

    Good news :)

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. 2010/07/30
    Frank D

    broni, this is the message I get when trying to post the text of OTL.txt: "The text that you have entered is too long (179387 characters). Please shorten it to 55000 characters long."

    So I'm going to have to copy it and post it in five or six parts.
     
    Last edited: 2010/07/30
  21. 2010/07/30
    Frank D

    OTL logfile created on: 7/30/2010 7:58:56 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Frank\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.57 Gb Total Space | 235.35 Gb Free Space | 81.84% Space Free | Partition Type: NTFS
    Drive D: | 10.42 Gb Total Space | 1.52 Gb Free Space | 14.61% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FRANKS-PC
    Current User Name: Frank
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/30 19:57:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Downloads\OTL.exe
    PRC - [2010/07/22 22:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/07/08 12:15:14 | 000,007,680 | ---- | M] () -- C:\Program Files\Listary\Listary32helper.exe
    PRC - [2010/07/06 11:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    PRC - [2010/07/02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- C:\Program Files (x86)\Advanced SystemCare 3\AWC.exe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/06/17 18:12:46 | 001,566,016 | ---- | M] () -- C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe
    PRC - [2010/06/15 04:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- C:\Program Files\Genie Timeline Free\x86\WebServer\PHP\php-cgi.exe
    PRC - [2010/06/15 04:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie Timeline Free\x86\WebServer\nginx\GSTimeLineSearch.exe
    PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2010/01/06 08:09:22 | 001,237,504 | ---- | M] () -- C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
    PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/11/25 18:50:10 | 002,011,205 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files (x86)\Software Informer\softinfo.exe
    PRC - [2009/09/27 06:52:00 | 002,542,848 | ---- | M] (Just Great Software) -- C:\Program Files (x86)\EditPadLite\EditPadLite.exe
    PRC - [2009/08/29 18:43:46 | 000,468,992 | ---- | M] (Zeyfman Genady) -- C:\Program Files (x86)\Dicter\DicterService.exe
    PRC - [2009/08/24 22:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    PRC - [2009/01/07 19:59:06 | 000,325,632 | ---- | M] (Sequence Publishing) -- C:\Program Files (x86)\TheSage\TheSage.exe
    PRC - [2008/12/09 07:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin PrintScreen\PrintScreen.exe
    PRC - [2008/11/20 14:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2007/09/21 09:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2006/09/16 09:01:16 | 001,666,048 | ---- | M] (Renier Crause) -- C:\Program Files (x86)\PopTray\PopTray.exe
    PRC - [2001/11/17 18:51:22 | 000,659,968 | ---- | M] (Ideasoft) -- C:\Program Files\Hidden Menu\HiddenMenu.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/30 19:57:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Downloads\OTL.exe
    MOD - [2009/07/13 21:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
    MOD - [2009/07/13 21:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
    MOD - [2009/07/13 21:14:51 | 002,175,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
    MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/13 21:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
    MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/06/29 06:38:02 | 000,445,056 | ---- | M] (Genie-Soft) [Auto | Running] -- C:\Program Files\Genie Timeline Free\GenieTimelineService.exe -- (GenieTimelineService)
    SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/06/21 12:13:36 | 000,301,024 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium Reflect\ReflectService.exe -- (ReflectService)
    SRV:64bit: - [2010/04/06 00:45:04 | 000,167,936 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
    SRV:64bit: - [2009/07/29 16:03:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/31 10:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2008/10/31 16:34:08 | 000,337,920 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Auto | Stopped] -- C:\Program Files\UPHClean\uphclean.dll -- (UPHClean)
    SRV - [2010/07/06 11:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2009/08/29 18:43:46 | 000,468,992 | ---- | M] (Zeyfman Genady) [Auto | Running] -- C:\Program Files (x86)\Dicter\DicterService.exe -- (DicterUpdateService)
    SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/06/28 16:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/09/17 01:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
    DRV:64bit: - [2009/08/20 20:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/30 02:11:22 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
    DRV:64bit: - [2009/06/15 10:07:56 | 000,139,616 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 11:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/05/05 06:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/04/28 14:33:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/04/28 14:33:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2007/04/17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
    DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.openintab: true
    FF - prefs.js..browser.startup.homepage: "http://news.google.com/news?pz=1&ned=us&hl=en&zx=5ukkc7s79dj5&cf=all&q "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
    FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
    FF - prefs.js..extensions.enabledItems: firedownload@mozilla.org:2.0.1
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
    FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:0.9
    FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
    FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.92.20100607
    FF - prefs.js..extensions.enabledItems: {70171e70-9057-11da-9562-00e08161165f}:1.0
    FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.4
    FF - prefs.js..extensions.enabledItems: nt@tumbledesign.com:0.3
    FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.5
    FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
    FF - prefs.js..extensions.enabledItems: info@priceblink.com:1.1
    FF - prefs.js..extensions.enabledItems: {5C655500-E712-41e7-9349-CE462F844B19}:0.4.5
    FF - prefs.js..extensions.enabledItems: quoteurltext@jay.palat:1.0.9b
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
    FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
    FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
    FF - prefs.js..extensions.enabledItems: {f2e5baa8-0711-4113-830c-1b3debd6f2a5}:0.2.0
    FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0
    FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: greasefire@skrul.com:1.0.4
    FF - prefs.js..extensions.enabledItems: {1dacc1f2-0e39-4c79-8b10-aa2f18025bf3}:1.1
    FF - prefs.js..extensions.enabledItems: bookmarks-button@design-noir.de:1.0
    FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
    FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
    FF - prefs.js..extensions.enabledItems: gaurangnshah@gmail.com:1.3.2
    FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
    FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/25 09:29:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/27 19:33:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/07/21 18:46:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    End of Part 1
     
