
Solved Task Scheduler - shows corrupt files

Discussion in 'Malware and Virus Removal Archive' started by AirHead, 2012/05/30.

  1. 2012/06/09
    broni (Moderator, Malware Analyst)
    I don't think you pasted my script.
    Please retry.
     
  2. 2012/06/11
    AirHead (Well-Known Member, Thread Starter)
    Code in #59
    Code:
    :reg

    I think this is what you are referring to. Am I correct?
     

  4. 2012/06/11
    AirHead (Well-Known Member, Thread Starter)
    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:53 on 11/06/2012 by Ralph K
    Administrator - Elevation successful

    No Context: Code:

    ========== reg ==========

    []
    Hive unrecognized.

    -= EOF =-
     
  5. 2012/06/11
    broni (Moderator, Malware Analyst)
    No, my code is:

    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree /s
     
  6. 2012/06/11
    AirHead (Well-Known Member, Thread Starter)
    Check post #59
    I will try the updated script.
    Thanks.
     
  7. 2012/06/11
    AirHead (Well-Known Member, Thread Starter)
    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:14 on 11/06/2012 by Ralph K
    Administrator - Elevation successful

    ========== reg ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater]
    "Id "= "{D97E924F-45E0-4D59-826B-8B3AF1F7AE97} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Clean System Memory]
    "Id "= "{5FB2E3BB-0DB0-41F3-833F-D228BE6F622B} "
    "Index "= 0x0000000001 (1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\2f2c5506-730c-43d5-9ba3-b2a1abe76d4e]
    "Id "= "{3DA82DB9-F34C-4EC5-A7DD-257FF3E832E4} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\318c32fc-9dd1-40dc-8b7f-4ca9f1121ede]
    "Id "= "{E3B88B4D-2F44-4380-953E-3412739D881C} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\687a8f8a-777a-4c89-b954-8f295b19c004]
    "Id "= "{187B92D5-3545-4C6B-A948-E14F1D96EA9C} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker]
    "Id "= "{4FBDF125-4FAF-41FE-B092-7F28B84BDD2A} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize]
    "Id "= "{48FC9D8E-495B-4EBE-A350-EB26EE15101E} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Software Updater]
    "Id "= "{95F10892-0761-421C-A7FB-1992BFFF93C1} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore]
    "Id "= "{F76A1FCD-3E3E-454B-9A68-F785E86420B8} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA]
    "Id "= "{B522E696-3377-419D-849F-3FABF5879774} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3033927999-2936934246-3914811308-1001Core]
    "Id "= "{169F81EC-7E96-4105-B786-3CD8A96CEFBC} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3033927999-2936934246-3914811308-1001UA]
    "Id "= "{C87356B7-198C-4719-9420-78F40FC2DA75} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask]
    "Id "= "{B5D888D0-C410-47E1-9046-9D1A655DFA50} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)]
    "Id "= "{7D1FF46A-4516-4C0C-80D2-F3194404D773} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)]
    "Id "= "{D43C6D59-3609-4B68-BED7-0F5A50795C6B} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetooth]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetooth\UninstallDeviceTask]
    "Id "= "{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\SystemTask]
    "Id "= "{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} "
    "Index "= 0x0000000001 (1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask]
    "Id "= "{792493DE-3878-4323-B44D-F6F0C3562126} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask-Roam]
    "Id "= "{6C041448-C69A-4D8B-A774-4F3948997407} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Consolidator]
    "Id "= "{89194558-47E7-4A9E-B507-6C91CE4E6504} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification]
    "Id "= "{A61555D3-7840-45C1-A5A9-0D49851DE37A} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ManualDefrag]
    "Id "= "{78F63558-0343-47B0-80E5-B16318F1851A} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag]
    "Id "= "{99B9521C-F109-4B7B-BDDF-99CF656525E0} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver]
    "Id "= "{CF8D5D5F-D67F-440A-AAA8-6EFB0044A4D5} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit]
    "Id "= "{04699375-5AFB-4BAF-9F2A-09D8C0497F4E} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate]
    "Id "= "{858BD5FB-61C3-4D83-8392-B9855BE4DF1D} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate]
    "Id "= "{5936C79A-731F-4716-BE59-35B58194ECE5} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery]
    "Id "= "{57030356-4699-4E1F-9939-F9D4460CD4DA} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath]
    "Id "= "{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart]
    "Id "= "{48909068-64F9-4B29-8C14-6957F35923C3} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM]
    "Id "= "{1CC81347-6204-4B83-900C-01E02F50F067} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove]
    "Id "= "{E6FEE240-D7C4-4EC4-84CD-7CCD2F116922} "
    "Index "= 0x0000000001 (1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SystemSoundsService]
    "Id "= "{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI]
    "Id "= "{4D426836-3FF6-4914-9858-95E5D2AD7AF3} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\System]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\System\{32CB0898-ED1F-417F-AB03-6992ED9532E4}_System Diagnostics]
    "Id "= "{BDE08C8F-66B1-4BF1-859A-C5DCF454C0F6} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent]
    "Id "= "{44980BEE-7809-44A9-AC24-D6E578A3B7DF} "
    "Index "= 0x0000000001 (1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask]
    "Id "= "{0C3AF200-FADC-49E5-880E-DEE192C8B79A} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages]
    "Id "= "{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake]
    "Id "= "{C6CBFEC8-EF47-4B48-9718-3A4170F99600} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager]
    "Id "= "{6B91DF4F-7E1F-4AE8-820A-2FB331567D67} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent]
    "Id "= "{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders]
    "Id "= "{3BB5D87B-C851-4325-97B6-95E4EA1CBC61} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore\SR]
    "Id "= "{A1868F64-ED08-49A9-9F86-F62ED855AFFD} "
    "Index "= 0x0000000001 (1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1]
    "Id "= "{F8D6E476-24FE-4649-A4D7-985706B29128} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2]
    "Id "= "{2FDBDC47-7148-49DB-9D32-32E6A003C996} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\WSHReset]
    "Id "= "{6BF36FA0-F516-4EBF-B79E-63570FC86FE2} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework\MsCtfMonitor]
    "Id "= "{DCF8CA49-10FE-40EA-A5B8-504B864BC698} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig]
    "Id "= "{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost]
    "Id "= "{3CD7BF6C-F120-476E-AF84-851D43BDDEEE} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\QueueReporting]
    "Id "= "{11893D5E-54A0-4C6B-AB0D-D9FA527334A9} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsCalendar]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired\GatherWiredInfo]
    "Id "= "{561375CB-FF5A-417B-B297-BA73DE149581} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo]
    "Id "= "{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan]
    "Id "= "{ACF6F5A9-53B1-4D63-9C13-B5A509D329D7} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task]
    "Id "= "{F50DD3FF-0844-4102-9805-4766261D7F25} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC-Doctor]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC-Doctor\Scheduled Maintanence]
    "Id "= "{77872D17-72CF-456E-ACD7-39621CAE319D} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-3033927999-2936934246-3914811308-1001]
    "Id "= "{DB98DD95-9B4E-4705-A0A3-24CE0C67AA9F} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-3033927999-2936934246-3914811308-1001]
    "Id "= "{1F9455FA-B028-4F3B-8F46-621063EF9DCF} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RecoveryCD]
    "Id "= "{C528ABB6-3A1B-4EE7-A3CD-A824100E6F7F} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RNUpgradeHelperResumePrompt_Ralph K]
    "Id "= "{476A49AC-9CD6-4599-94CD-CAE4CF049DE9} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup]
    "Id "= "{80C88AA5-E972-4178-B6E1-D03FCE9AC3AC} "
    "Index "= 0x0000000002 (2)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{D9195C88-F0F1-4A82-B6B5-ECDF7DC8285C}]
    "Id "= "{8199C620-A8EC-43FF-8C51-E98FE9ECBB22} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD]
    (No values found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3033927999-2936934246-3914811308-1001]
    "Id "= "{FCE29570-F428-4FCD-9C52-4719F1A30279} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3033927999-2936934246-3914811308-1002]
    "Id "= "{B37F2323-25BC-4C0A-95EB-E5F4573E2AC8} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{089F6DE4-2C54-486B-8AE9-2E7E20985023}]
    "Id "= "{0686F1D9-63AB-42A3-B1DF-F9335356EEED} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E40A113-541C-4097-9B3B-5D44DB6A2FC1}]
    "Id "= "{E7384685-582E-4095-B864-B5DDDC635F82} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1064C1AF-1472-4DD5-8ACF-CBBFD9032427}]
    "Id "= "{0C44EA1C-E582-4E55-9AC4-1F6BA934AB82} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A16E213-1815-402C-988C-E60B8EBEAEE0}]
    "Id "= "{F9CAF565-B7AB-429A-976B-6536663C4A3E} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{237038E1-728B-482D-82E0-08C7BE1A317D}]
    "Id "= "{857AC994-8478-418F-A36A-15BA0CDCC313} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{255E2384-A0A3-442A-BC5C-CB75073E3E9D}]
    "Id "= "{409BA92B-8711-411E-8B81-6AB52845F4A8} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30FBFE4D-112D-4C71-AB50-F9A567B83AEF}]
    "Id "= "{4880CEBD-F1E0-445C-886C-C661AA731642} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3E2673DA-6790-43C1-BD80-5D7289534901}]
    "Id "= "{AE6A6CD0-779E-4043-BA23-6196BDE26D3A} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4A67EBBC-86D8-4473-9F42-81BA2F6EB608}]
    "Id "= "{1A48F760-9924-43B9-8FFB-0163B1319A57} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8176BADB-243B-46DB-A878-462CA992EF7C}]
    "Id "= "{618BAFC6-50B5-44A4-A291-426C4F95FF83} "
    "Index "= 0x0000000003 (3)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DA0AF817-965E-4124-B8E8-DD2B66FAF0E3}]
    "Id "= "{FF6DD591-26D7-484E-9BCB-AA23ABFA825E} "
    "Index "= 0x0000000003 (3)


    -= EOF =-
     
  8. 2012/06/11
    broni (Moderator, Malware Analyst)
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\2f2c5506-730c-43d5-9ba3-b2a1abe76d4e]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\318c32fc-9dd1-40dc-8b7f-4ca9f1121ede]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\687a8f8a-777a-4c89-b954-8f295b19c004]
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.


    Let me know if the issue is still present.
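As an added example (not code from the thread, from SystemLook or from OTL), here is a Python parser for the ':reg' dump format SystemLook printed in the previous post. It pulls out the TaskCache\Tree entries, lists the ones registered under a given folder such as Event Viewer Tasks, and emits the `[-key]` lines in the form OTL's :Reg section uses to delete keys, so a long dump can be reviewed before any key is removed. The sample input is an excerpt of the thread's own log; the GUID-name filter is my heuristic, not something the thread states.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Root under which the Task Scheduler keeps one subkey per registered task
# (the key broni asked SystemLook to dump with ':reg ... /s').
TREE_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree"

# Excerpt of the SystemLook output posted in the thread, used as sample input.
# The stray spaces inside the quoted value names are how the tool printed them.
SAMPLE = r"""
========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater]
"Id "= "{D97E924F-45E0-4D59-826B-8B3AF1F7AE97} "
"Index "= 0x0000000003 (3)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\2f2c5506-730c-43d5-9ba3-b2a1abe76d4e]
"Id "= "{3DA82DB9-F34C-4EC5-A7DD-257FF3E832E4} "
"Index "= 0x0000000003 (3)

-= EOF =-
"""

KEY_RE = re.compile(r"^\[(?P<path>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<raw>.+)$')
STR_RE = re.compile(r'^"(?P<s>.*?)\s*"$')
DWORD_RE = re.compile(r"^0x[0-9A-Fa-f]+\s*\((?P<n>\d+)\)$")
GUID_RE = re.compile(r"^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")


@dataclass
class TreeEntry:
    path: str                                   # full registry key path
    values: dict = field(default_factory=dict)  # value name -> decoded value

    @property
    def relative(self) -> str:
        """Path below the Tree root, or the full path if it lies elsewhere."""
        if self.path.startswith(TREE_ROOT):
            return self.path[len(TREE_ROOT):].lstrip("\\")
        return self.path

    @property
    def folder(self) -> str:
        parts = self.relative.rsplit("\\", 1)
        return parts[0] if len(parts) == 2 else ""

    @property
    def leaf(self) -> str:
        return self.relative.rsplit("\\", 1)[-1]

    @property
    def is_task(self) -> bool:
        # Folder keys carry no values; registered tasks carry an Id (and Index).
        return "Id" in self.values


def _decode(raw: str):
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group("n"))
    m = STR_RE.match(raw)
    if m:
        return m.group("s")
    return raw  # unknown representation: keep it verbatim


def parse_systemlook_reg(text: str) -> list[TreeEntry]:
    """Turn the ':reg' section of a SystemLook log into TreeEntry objects.

    Tolerates the '[]' / 'Hive unrecognized.' output seen earlier in the
    thread when the wrong script was pasted: no key header matches, so
    nothing is returned.
    """
    entries: list[TreeEntry] = []
    current: TreeEntry | None = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("=", "-=")) or line == "(No values found)":
            continue
        m = KEY_RE.match(line)
        if m:
            current = TreeEntry(m.group("path"))
            entries.append(current)
            continue
        m = VALUE_RE.match(line)
        if current is not None and m:
            current.values[m.group("name")] = _decode(m.group("raw").strip())
    return entries


def tasks_under(entries: list[TreeEntry], folder: str) -> list[TreeEntry]:
    """Registered tasks whose parent folder in the Tree is `folder`."""
    return [e for e in entries if e.is_task and e.folder == folder]


def guid_named_tasks(entries: list[TreeEntry]) -> list[TreeEntry]:
    """Tasks registered under a bare GUID instead of a readable name.

    Heuristic (my assumption, not stated in the thread): the three entries
    the fix removed all had this shape, so it is a first filter for review,
    not proof that an entry is bad.
    """
    return [e for e in entries if e.is_task and GUID_RE.match(e.leaf)]


def otl_reg_removal_block(entries: list[TreeEntry]) -> list[str]:
    """Lines in the '[-key]' form OTL's :Reg section uses to delete keys."""
    return [f"[-{e.path}]" for e in entries]


if __name__ == "__main__":
    tree = parse_systemlook_reg(SAMPLE)
    for e in tasks_under(tree, "Event Viewer Tasks"):
        print(e.leaf, e.values)
    print("\n".join(otl_reg_removal_block(tasks_under(tree, "Event Viewer Tasks"))))
```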
     
  9. 2012/06/13
    AirHead (Well-Known Member, Thread Starter)
    6/13/2012
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\687a8f8a-777a-4c89-b954-8f295b19c004\ scheduled to be deleted on reboot.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Ralph
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Ralph K
    ->Temp folder emptied: 11476720 bytes
    ->Temporary Internet Files folder emptied: 45319887 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 11405 bytes

    User: Ralph.D4996T
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 27771457 bytes
    RecycleBin emptied: 50809 bytes

    Total Files Cleaned = 81.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: IUSR_NMPR

    User: Public

    User: Ralph

    User: Ralph K
    ->Java cache emptied: 0 bytes

    User: Ralph.D4996T

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR

    User: Public

    User: Ralph
    ->Flash cache emptied: 0 bytes

    User: Ralph K
    ->Flash cache emptied: 0 bytes

    User: Ralph.D4996T

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.46.0 log created on 06132012_105744
     
  10. 2012/06/13
    AirHead (Well-Known Member, Thread Starter)
    OTL logfile created on: 6/13/2012 11:14:54 AM - Run 2
    OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Ralph K\Desktop\WinBBS\Progs
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.24% Memory free
    7.41 Gb Paging File | 6.23 Gb Available in Paging File | 84.10% Paging File free
    Paging file location(s): c:\pagefile.sys 4605 5000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 689.22 Gb Total Space | 537.20 Gb Free Space | 77.94% Space Free | Partition Type: NTFS
    Drive D: | 9.41 Gb Total Space | 0.32 Gb Free Space | 3.44% Space Free | Partition Type: NTFS
    Drive M: | 298.08 Gb Total Space | 22.35 Gb Free Space | 7.50% Space Free | Partition Type: NTFS
    Drive N: | 232.88 Gb Total Space | 218.66 Gb Free Space | 93.89% Space Free | Partition Type: NTFS
    Drive O: | 298.09 Gb Total Space | 297.42 Gb Free Space | 99.77% Space Free | Partition Type: NTFS

    Computer Name: D4996T | User Name: Ralph K | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/04 09:36:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph K\Desktop\WinBBS\Progs\OTL.exe
    PRC - [2012/05/04 11:49:15 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
    PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/12/22 05:31:08 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/30 10:35:20 | 000,425,984 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2007/08/29 10:55:54 | 001,347,584 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
    PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
    PRC - [2007/02/15 04:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    PRC - [2006/09/03 11:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    PRC - [2003/04/09 17:42:06 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposol08.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\WINDOWS\System32\APOMngr.DLL
    MOD - [2009/03/17 03:39:46 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\OemSpiE.dll
    MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\CmdRtr.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/05/04 11:49:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/10 21:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) [Auto | Stopped] -- C:\Program Files\Kingsoft\PCDoctor\KSafeSvc.exe -- (KSafeSvc)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/12/22 05:31:08 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (Netlogon)
    SRV - [2011/09/27 09:01:42 | 000,194,104 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/04/21 10:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/04/21 10:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/10/09 14:56:18 | 001,181,696 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\WsmSvc.dll -- (WinRM)
    SRV - [2009/09/30 18:01:54 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\wpdbusenum.dll -- (WPDBusEnum)
    SRV - [2009/09/25 10:56:23 | 000,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
    SRV - [2009/09/25 10:56:23 | 000,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
    SRV - [2009/08/04 09:43:13 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2009/04/10 23:28:25 | 000,199,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\WebClnt.dll -- (WebClient)
    SRV - [2009/04/10 23:28:25 | 000,140,288 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\wpcsvc.dll -- (WPCSvc)
    SRV - [2009/04/10 23:28:24 | 000,107,008 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\regsvc.dll -- (RemoteRegistry)
    SRV - [2009/04/10 23:28:24 | 000,095,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\SCardSvr.dll -- (SCardSvr)
    SRV - [2009/04/10 23:28:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\certprop.dll -- (SCPolicySvc)
    SRV - [2009/04/10 23:28:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\certprop.dll -- (CertPropSvc)
    SRV - [2009/04/10 23:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/18 11:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2008/10/16 20:12:28 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
    SRV - [2008/10/09 07:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service)
    SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/04/30 10:35:20 | 000,425,984 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/19 00:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\mprdim.dll -- (RemoteAccess)
    SRV - [2008/01/19 00:34:44 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\Mcx2Svc.dll -- (Mcx2Svc)
    SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/05/11 12:15:20 | 000,887,544 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\RoxMediaDB9.exe -- (RoxMediaDB9)
    SRV - [2007/05/03 14:31:12 | 000,074,656 | ---- | M] (MicroVision Development, Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - [2006/11/02 02:45:46 | 000,012,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\snmptrap.exe -- (SNMPTRAP)
    SRV - [2006/09/11 17:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
    SRV - [2006/09/11 17:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
    SRV - [2006/09/11 16:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM) Intel(R)
    SRV - [2006/09/11 16:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
    SRV - [2006/09/03 11:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
    SRV - [2006/09/01 00:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
    SRV - [2006/05/10 10:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NTIDrvr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/06 17:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/10/20 19:33:50 | 000,111,008 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- C:\Program Files\Kingsoft\PCDoctor\kmodurl.sys -- (kmodurl)
    DRV - [2011/10/20 09:11:18 | 000,024,984 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\BC.sys -- (BC)
    DRV - [2011/05/03 00:43:00 | 010,525,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2010/07/07 07:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)
    DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/01/29 18:53:36 | 000,025,416 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UnHooker.sys -- (UnHooker)
    DRV - [2009/05/24 07:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
    DRV - [2009/05/06 02:35:16 | 000,413,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\t3.sys -- (t3)
    DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009/04/10 21:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (udfs)
    DRV - [2009/03/18 16:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/02/27 14:22:31 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gmer.sys -- (gmer)
    DRV - [2008/02/12 07:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
    DRV - [2008/02/12 07:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
    DRV - [2008/02/09 01:33:58 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NANMp50.sys -- (NANMp50)
    DRV - [2008/01/18 22:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sermouse.sys -- (sermouse)
    DRV - [2008/01/15 00:56:30 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/01/08 21:13:42 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sffdisk.sys -- (sffdisk)
    DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/09/07 06:36:08 | 000,156,928 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\xcbda.sys -- (xcbdaNtsc) ViXS Tuner Card (NTSC)
    DRV - [2007/07/03 17:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
    DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iaStorV.sys -- (iaStorV)
    DRV - [2006/11/02 02:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (pcmcia)
    DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 02:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\isapnp.sys -- (isapnp)
    DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 02:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\msdsm.sys -- (msdsm)
    DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 02:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\mpio.sys -- (mpio)
    DRV - [2006/11/02 02:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sbp2port.sys -- (sbp2port)
    DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\HpCISSs.sys -- (HpCISSs)
    DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\Mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 02:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\i2omp.sys -- (i2omp)
    DRV - [2006/11/02 02:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\msahci.sys -- (msahci)
    DRV - [2006/11/02 02:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\wd.sys -- (Wd)
    DRV - [2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\atapi.sys -- (atapi)
    DRV - [2006/11/02 02:49:32 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\compbatt.sys -- (Compbatt)
    DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 02:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\amdide.sys -- (amdide)
    DRV - [2006/11/02 02:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\intelide.sys -- (intelide)
    DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 02:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pciide.sys -- (pciide)
    DRV - [2006/11/02 02:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\rdpdr.sys -- (rdpdr)
    DRV - [2006/11/02 01:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bthmodem.sys -- (BTHMODEM)
    DRV - [2006/11/02 01:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\hidbth.sys -- (HidBth)
    DRV - [2006/11/02 01:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
    DRV - [2006/11/02 01:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\circlass.sys -- (circlass)
    DRV - [2006/11/02 01:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\usbohci.sys -- (usbohci)
    DRV - [2006/11/02 01:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\hidir.sys -- (HidIr)
    DRV - [2006/11/02 01:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\wacompen.sys -- (WacomPen)
    DRV - [2006/11/02 01:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (sfloppy)
    DRV - [2006/11/02 01:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
    DRV - [2006/11/02 01:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
    DRV - [2006/11/02 01:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\wmiacpi.sys -- (WmiAcpi)
    DRV - [2006/11/02 01:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\viac7.sys -- (ViaC7)
    DRV - [2006/11/02 01:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\amdk8.sys -- (AmdK8)
    DRV - [2006/11/02 01:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\crusoe.sys -- (Crusoe)
    DRV - [2006/11/02 01:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\amdk7.sys -- (AmdK7)
    DRV - [2006/11/02 01:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\processr.sys -- (Processor)
    DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
    DRV - [2004/01/07 17:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WUSB20XP.sys -- (PRISM_A02)
    DRV - [1999/11/05 18:43:24 | 000,036,404 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MrtRate.sys -- (mrtRate)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{1AB3D48B-E892-4DE3-A414-9726C08733F0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\..\SearchScopes\{39BB5702-D67C-4471-8FF4-EA923122CD51}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{72D6681A-19CF-46F4-801F-5C6DF08E3E47}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {39BB5702-D67C-4471-8FF4-EA923122CD51}
    IE - HKCU\..\SearchScopes\{0FE7A14A-89C4-4B63-9F9C-8D96B8D2BDA1}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKCU\..\SearchScopes\{15DB604C-42C9-4263-9270-39E7E2004DD9}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{C7F25885-F780-4CE5-A45D-13472E07B632}: "URL" = http://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: M:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ralph K\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ralph K\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/03 19:00:33 | 000,000,000 | ---D | M]

    [2009/10/12 09:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph K\AppData\Roaming\Mozilla\Firefox\extensions
    [2009/10/12 09:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph K\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

    ========== Chrome ==========

    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3106518
    CHR - default_search_provider: suggest_url = http://search.conduit.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ralph K\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Ralph K\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ralph K\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.71\npGoogleUpdate3.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Picasa (Enabled) = M:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [KSafeTray] C:\Program files\Kingsoft\PCDoctor\KSafeTray.exe (Kingsoft Corporation)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [SPIRunE] C:\Windows\System32\SpiRunE.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
    O4 - HKLM..\RunOnce: [OTL] C:\Users\Ralph K\Desktop\WinBBS\Progs\OTL.exe (OldTimer Tools)
    O4 - Startup: C:\Users\Ralph K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
    O4 - Startup: C:\Users\Ralph K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinCal.exe - Shortcut.lnk = C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 12
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 66.76.175.100 208.180.42.68
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5433C2B3-9893-4A8F-8B4A-F5087E98232F}: DhcpNameServer = 208.180.42.100 66.76.175.100 208.180.42.68
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/08 21:56:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/06/09 13:03:55 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/13 10:23:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/06/13 10:23:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/06/13 10:23:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/06/13 10:23:47 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/06/13 10:23:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/06/13 10:23:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/06/13 10:23:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/06/13 10:20:44 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/06/09 11:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
    [2012/06/09 11:17:58 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
    [2012/06/08 15:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/06/07 09:56:41 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/06/06 09:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/06/06 09:33:45 | 000,772,552 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/06/06 09:33:45 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/06/04 09:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Safe
    [2012/06/02 14:20:10 | 000,000,000 | ---D | C] -- C:\Users\Ralph K\AppData\Local\temp
    [2012/06/02 13:52:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/28 11:29:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/05/28 11:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/24 10:44:50 | 000,731,000 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe
    [2010/11/24 10:44:46 | 000,595,832 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/06/13 11:14:18 | 000,048,317 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/06/13 11:09:32 | 000,723,374 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/06/13 11:09:32 | 000,147,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/06/13 11:03:21 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/13 11:03:21 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/13 11:03:08 | 000,048,317 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/06/13 11:03:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/13 11:02:20 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/13 10:38:11 | 000,495,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/06/13 08:03:33 | 000,002,585 | ---- | M] () -- C:\Users\Ralph K\Desktop\Microsoft Office Excel 2007.lnk
    [2012/06/09 14:25:49 | 000,002,627 | ---- | M] () -- C:\Users\Ralph K\Desktop\Microsoft Office Word 2007.lnk
    [2012/06/09 11:21:15 | 000,001,714 | ---- | M] () -- C:\Users\Ralph K\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
    [2012/06/07 13:18:15 | 000,003,656 | -HS- | M] () -- C:\Users\Ralph K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
    [2012/06/06 15:38:09 | 000,002,559 | ---- | M] () -- C:\Users\Ralph K\Desktop\Microsoft Office OneNote 2007.lnk
    [2012/06/06 09:33:07 | 000,227,784 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/06/06 09:33:07 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/06/06 09:33:06 | 000,772,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/06/06 09:33:06 | 000,687,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/06/06 09:33:06 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/06/04 09:16:37 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/06/04 09:16:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/06/01 08:23:59 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft PC Doctor.lnk
    [2012/05/31 09:27:19 | 000,000,986 | ---- | M] () -- C:\Users\Ralph K\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/05/31 09:27:10 | 000,002,633 | ---- | M] () -- C:\Users\Ralph K\Desktop\Outlook 2007.lnk
    [2012/05/28 13:07:03 | 000,000,958 | ---- | M] () -- C:\Users\Ralph K\Desktop\mbam.lnk
    [2012/05/26 13:20:32 | 000,032,546 | ---- | M] () -- C:\Users\Ralph K\Documents\cc_20120526_132023.reg
    [2012/05/26 12:35:55 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/05/18 16:07:49 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/05/17 15:45:37 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/05/17 15:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/05/17 15:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/05/17 15:31:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/05/17 15:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/05/17 15:24:45 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/05/17 15:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/05/17 08:08:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/15 12:51:08 | 002,045,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    ========== Files Created - No Company Name ==========

    [2012/06/09 11:21:15 | 000,001,714 | ---- | C] () -- C:\Users\Ralph K\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
    [2012/06/07 13:29:46 | 3220,480,000 | -HS- | C] () -- C:\hiberfil.sys
    [2012/06/07 13:18:15 | 000,005,096 | -HS- | C] () -- C:\Users\Ralph K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2
    [2012/06/07 13:18:15 | 000,003,656 | -HS- | C] () -- C:\Users\Ralph K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
    [2012/05/26 13:20:27 | 000,032,546 | ---- | C] () -- C:\Users\Ralph K\Documents\cc_20120526_132023.reg
    [2011/10/19 15:21:18 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
    [2011/10/19 15:21:18 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
    [2011/09/24 09:26:35 | 000,000,000 | ---- | C] () -- C:\Users\Ralph K\AppData\Local\{E23ACA73-7BAE-4857-9901-3A1FC487895C}
    [2011/08/16 12:59:13 | 000,000,001 | ---- | C] () -- C:\Users\Ralph K\AppData\Local\llftool.4.05.agreement
    [2011/07/06 12:47:53 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
    [2011/01/13 09:38:49 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
    [2010/11/20 10:48:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/08/31 17:50:52 | 000,149,199 | ---- | C] () -- C:\Windows\hpwins05.dat
    [2010/08/07 15:11:47 | 000,016,050 | ---- | C] () -- C:\Windows\hpwscr05.dat
    [2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

    ========== Files - Unicode (All) ==========
    [2012/04/23 09:06:38 | 000,000,869 | ---- | M] ()(C:\Users\Ralph K\Application Data\Microsoft\Internet Explorer\Quick Launch\?? Internet Explorer ???.lnk) -- C:\Users\Ralph K\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk
    [2011/11/23 10:51:44 | 000,000,869 | ---- | C] ()(C:\Users\Ralph K\Application Data\Microsoft\Internet Explorer\Quick Launch\?? Internet Explorer ???.lnk) -- C:\Users\Ralph K\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk
    [2011/06/11 14:42:32 | 000,000,000 | ---D | M](C:\Users\Ralph K\AppData\Roaming\???????sAppData) -- C:\Users\Ralph K\AppData\Roaming\敎潲䍄敔灭慬整sAppData
    (C:\Users\Ralph K\AppData\Roaming\???????sAppData) -- C:\Users\Ralph K\AppData\Roaming\敎潲䍄敔灭慬整sAppData

    < End of report >
     
  11. 2012/06/13
    broni Moderator Malware Analyst
    .....
     
  12. 2012/06/13
    AirHead Well-Known Member Thread Starter
    Hi Broni,
    All 5 items still show when task scheduler starts.
    Sorry.
     
  13. 2012/06/13
    broni Moderator Malware Analyst
    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\2f2c5506-730c-43d5-9ba3-b2a1abe76d4e]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\318c32fc-9dd1-40dc-8b7f-4ca9f1121ede]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Event Viewer Tasks\687a8f8a-777a-4c89-b954-8f295b19c004]
    
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: CFScript.txt dragged onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
     
  14. 2012/06/15
    AirHead Well-Known Member Thread Starter
    Hi Broni.
    Your code in #72 only contains 3 of the 5 items. (No 32CBO898... & mcupdate)
    During the CF run, at stage 9 I got a message that PEV.EXE failed to run, checking online etc.
    About 3 min later stage 10 popped up and CF continued to completion.
    I checked Task Scheduler and the 3 items in your code no longer appear. Should I add the text and run CF again?
    First CF log follows.

    ComboFix 12-06-15.03 - Ralph K 06/15/2012 10:53:16.1.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1766 [GMT -7:00]
    Running from: C:\Users\Ralph K\Desktop\WinBBS\Progs\ComboFix.exe
    Command switches used :: C:\Users\Ralph K\Desktop\WinBBS\Progs\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    I deleted MS Security Essentials as you suggested. Why does it still show up?
     
  15. 2012/06/15
    broni Moderator Malware Analyst
    That's some registry leftover.
    We can fix it with Combofix.

    Combofix log is incomplete.
    Redo.
     
  16. 2012/06/16
    AirHead Well-Known Member Thread Starter
    Apparently CF did not complete the last run because of the PEV.EXE error. The error did not show up this run.

    ComboFix 12-06-15.06 - Ralph K 06/16/2012 14:10:34.2.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1976 [GMT -7:00]
    Running from: c:\users\Ralph K\Desktop\WinBBS\Progs\ComboFix.exe
    Command switches used :: c:\users\Ralph K\Desktop\WinBBS\Progs\CFScript.Txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Safe
    .
    ---- Previous Run -------
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    c:\programdata\Safe
    c:\programdata\Safe\TFR6891.tmp
    c:\windows\msvrc20.dll
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\winhelp.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-16 21:28 . 2012-06-16 21:32 -------- d-----w- c:\users\Ralph K\AppData\Local\temp
    2012-06-16 21:28 . 2012-06-16 21:28 -------- d-----w- c:\users\Ralph\AppData\Local\temp
    2012-06-16 21:28 . 2012-06-16 21:28 -------- d-----w- c:\users\Ralph.D4996T\AppData\Local\temp
    2012-06-16 21:28 . 2012-06-16 21:28 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
    2012-06-16 21:28 . 2012-06-16 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-13 17:20 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 17:20 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 17:20 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 17:20 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 17:20 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 18:17 . 2012-06-09 18:17 -------- d-----w- c:\program files\Windows Journal
    2012-06-08 22:02 . 2012-06-08 22:02 -------- d-----w- c:\program files\ESET
    2012-06-07 16:56 . 2012-06-07 16:56 -------- d-----w- C:\_OTL
    2012-06-06 16:34 . 2012-06-06 16:34 -------- d-----w- c:\program files\Common Files\Java
    2012-06-06 16:33 . 2012-06-06 16:33 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-02 21:20 . 2012-06-02 21:20 -------- d-----w- c:\users\Ralph.D4996T\AppData\Local\Temp(1550)
    2012-05-31 15:54 . 2012-05-08 16:40 6737808 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69B357E4-1669-48F2-8529-70BB6C7DD9A4}\mpengine.dll
    2012-05-28 18:29 . 2012-05-28 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-28 18:29 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-22 20:30 . 2012-05-08 16:40 6737808 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-06 16:33 . 2010-05-05 19:33 687560 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-04 18:49 . 2012-03-30 16:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 18:49 . 2011-05-14 18:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-03 08:16 . 2012-05-09 14:46 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16 . 2012-05-09 14:46 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:39 . 2012-05-09 14:45 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-29 13:39 . 2012-05-09 14:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-03-21 03:44 . 2010-10-25 04:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-21 03:44 . 2010-10-25 04:25 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-20 23:28 . 2012-05-09 14:46 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2011-08-08 17:08 . 2010-11-24 17:44 731000 ----a-w- c:\program files\autoruns.exe
    2011-08-08 17:08 . 2010-11-24 17:44 595832 ----a-w- c:\program files\autorunsc.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel "= "c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
    "SPIRunE "= "SPIRunE.dll" [2007-05-09 18432]
    "SunJavaUpdateReg "= "c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "KBD "= "c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "hpsysdrv "= "c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "OsdMaestro "= "c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
    "avast "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
    "KSafeTray "= "c:\program files\Kingsoft\PCDoctor\KSafeTray.exe" [2012-04-11 1308064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher "= "c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
    .
    c:\users\Ralph.D4996T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Windows Calendar.lnk - c:\program files\Windows Calendar\WinCal.exe [2009-6-7 967680]
    .
    c:\users\Ralph K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote Table Of Contents.onetoc2 [2012-6-7 3656]
    WinCal.exe - Shortcut.lnk - c:\program files\Windows Calendar\WinCal.exe [2009-6-7 967680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    officejet 6100.lnk - c:\program files\HP\Digital Imaging\bin\hposol08.exe [2003-4-9 147456]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SuiteStart 97.lnk]
    backup=c:\windows\pss\Lotus SuiteStart 97.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
    backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-02 17:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPMVTray]
    2007-02-15 16:58 964248 ----a-w- c:\program files\Hewlett-Packard\HP Media Vault\Utilities\HPMVTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2010-09-17 22:40 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-05-28 15:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-01-15 18:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-05-23 15:00 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "HP Health Check Scheduler "=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    "TkBellExe "= "c:\program files\Real\realplayer\update\realsched.exe" -osboot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride "=dword:00000001
    "AntiSpywareOverride "=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:49]
    .
    2012-01-09 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-07-27 22:24]
    .
    2012-01-09 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-07-06 20:08]
    .
    2012-01-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-03 16:01]
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 17:56]
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 17:56]
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033927999-2936934246-3914811308-1001Core.job
    - c:\users\Ralph K\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-20 21:19]
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033927999-2936934246-3914811308-1001UA.job
    - c:\users\Ralph K\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-20 21:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    LSP: c:\windows\system32\wpclsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4084)
    c:\windows\system32\NetworkExplorer.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Kingsoft\PCDoctor\KSafeSvc.exe
    c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\IoctlSvc.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-16 14:41:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-16 21:41
    ComboFix2.txt 2012-06-02 21:20
    .
    Pre-Run: 576,542,855,168 bytes free
    Post-Run: 576,315,990,016 bytes free
    .
    - - End Of File - - F513FFFED841DA62611D0B5B1C16E5D1
     
  17. 2012/06/16
    broni

    broni Moderator Malware Analyst

    How are things now?
     
  18. 2012/06/20
    AirHead

    AirHead Well-Known Member Thread Starter

    Hi Broni,
    I know you are busy. Should I just reinstall the OS? That would take the pressure off you.
    Let me know what you want me to do.
    R.
     
  19. 2012/06/20
    broni

    broni Moderator Malware Analyst

    I'm not sure what to tell you since you didn't answer my question.
     
  20. 2012/06/21
    AirHead

    AirHead Well-Known Member Thread Starter

    I'm sorry, I did not see your post #76. The page changed from 5 to 6 and I did not notice it.
    TM still shows the two files as corrupt. Also, now I cannot activate the mail shield in Avast.
    Haven't had time to check it out yet.
    Do you think I had an infection or is this just a random snafu?
     
  21. 2012/06/21
    broni

    broni Moderator Malware Analyst

    I don't think you have to worry about any infection. Your computer is clean.

    Can you post the CLSID of those two remaining files?
    I'm talking about those alphanumeric characters like {3DA82DB9-F34C-4EC5-A7DD-257FF3E832E4} (<----this is just an example).
    Make sure you don't make any typos. Check it twice.
     