Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help with infected computer


  • This topic is locked This topic is locked
16 replies to this topic

#1 hodgepodge13

hodgepodge13

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 30 October 2009 - 02:22 PM

Hi, I don't know much about computers so I can't tell you what type of infection it may be, but the problem I am currently having is that it keeps freezing. Programs are freezing for no reason and whenever I restart my computer it tries to do a diskcheck but fails (it says I hit a key to abort it, but I didn't).

I'm currently running Windows Vista (64-bit) on an HP Laptop connected through a wireless connection. If you need to know anything other than this and my hijack this log I will do my best to provide it. Oh, I use Kaspersky Internet Security 2009 and also have AVG but I downloaded that today and it won't properly update or run.

Anyways, thanks in advance and here's my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:21 PM, on 10/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skreemr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Update Service (gupdate1c9e7952aa383cb) (gupdate1c9e7952aa383cb) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10756 bytes

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:16 AM

Posted 06 November 2009 - 11:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:16 AM

Posted 11 November 2009 - 05:39 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:16 AM

Posted 12 November 2009 - 08:04 PM

Hi,

topic reopened. Please post your logs.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 hodgepodge13

hodgepodge13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 12 November 2009 - 08:51 PM

OTL Extras logfile created on: 11/12/2009 7:55:50 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Jacob\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.37% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.58 Gb Total Space | 108.88 Gb Free Space | 49.59% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 2.43 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACOB-PC
Current User Name: Jacob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* ()
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E0EE8E-4E5C-4543-A010-3FE16E0B2E9B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{046D4639-BAA3-4DEA-95E3-384F05CD5507}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0DAF933F-2EB6-4EC3-B748-BBF398A504B1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{1046F331-63A6-443A-B48A-2D0BD36C95CC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{10C8E98F-2865-4D23-9384-3E55955A7DA4}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1A3DF173-9DA5-4696-8BD2-7B9512932526}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F53D269-E80F-47FA-9571-DFD6DB2AB528}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51B9BAA5-BF80-4981-869A-187CA1C29187}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59F4F739-11F3-4E29-9A8E-94CD378FDF4A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{607A0B65-3A46-4CD9-AB9B-5AF51553C280}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D3F011B-7017-4B4C-BB20-87EB604C6A70}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{77066EF3-8DFB-4314-B469-BAF55130BAB1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{83FB68DE-11C3-4122-AC48-F24C13C83DA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EEB9E68-AFE2-4748-85AE-12A4C46CE9A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97F2C10B-2130-4C19-B100-3191E732DE13}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98A4EC49-686B-4279-A94C-372C4856E9DA}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9E27E7DD-2245-4418-9B30-7B66696B0450}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADDB7D96-CFE6-4986-B499-17A2E794267C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2897C5C-6845-4DEA-A378-03771BBCB870}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2C8505A-01C1-40FF-B468-5DA957A85AD7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7D768B0-3C69-4C4D-AE77-0932DC08F255}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DC075CD9-9397-4103-8EB5-7E373CC6ED0A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FE92E0E7-DE5B-4CC3-9ED9-B74ABB7D5095}" = rport=10244 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CAD0BA-AA42-4FBE-9629-B3B121270CB7}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{04670962-3598-4C87-A4BC-B50BA8002474}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{075E6FC2-861E-4AED-8D4C-30E0A65BCDC4}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0DCBE64C-3D64-4CA7-B21E-21B35A169827}" = protocol=17 | dir=in | app=c:\users\jacob\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0E81DB06-47E8-44AA-8E32-CCA009AC5C9F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1B0239C2-4EF1-4132-8276-9DA29DCD9BD4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1BF672A4-B473-4149-BFA5-2012BA79DE0D}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{2FE722BF-A1EE-458C-8CC7-78BF8F8085EE}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{365B973E-1ADF-444E-81F7-961001E418DB}" = protocol=6 | dir=in | app=c:\users\jacob\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3ECCF6B7-785B-4CFE-BDF4-228FD33D679A}" = protocol=6 | dir=in | app=c:\users\jacob\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{3FC3D166-B45C-4B90-9A90-6FB8B7B7B345}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{540C6889-9972-40EF-94CE-F6B533372B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{59ED09C8-BF48-4790-871F-FA9D662A3BB3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{713A4F96-B818-4D87-9034-1967492B590D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8826AFD2-A37B-4259-96C0-403AC656AE90}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8E7F3E36-D5C4-4478-ADE7-E34EBC72BD26}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{9369FEF6-19F0-4CA8-9480-CE773E0080F5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{986A6496-945E-4A80-B875-64E2F167344E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{AD6E6B94-B5DE-4C52-8AB6-3FF97A6A380F}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{B56154C3-6A54-4A39-896F-71313B7DB779}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{BE5FEF97-9DAF-4E33-8BF3-E4B52055012F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C5E3B2AD-1C7E-471D-8AE5-F32B53B4E2D4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C83C8B2E-CE65-488F-B060-3E32F2CE5CC3}" = protocol=17 | dir=in | app=c:\users\jacob\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{D2B74F90-6126-412A-A301-96A551999846}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DBDBAA77-5FF4-4569-8EC4-19AA7B5A8AB4}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{DD39C724-C0D3-45F0-A2B4-2F06310BD4B4}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{DF03C5D4-B9FA-4BB8-B941-4714BD8911EC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E6C2ADAF-20BE-4BA8-AED2-A5F8A67C0EBC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E7220ECD-FFC4-428E-88A9-D880EABF3230}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F59EC371-E650-47D7-BB21-6005125863DF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{F92E6B7D-EB34-4890-98D2-E46476A798FC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{3BAB26C7-D75C-4D23-81F6-3E29748F07D7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{996C01EE-7E0B-4D83-8E5D-8BA9A99960C0}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{B63D12BB-B707-48C9-9E98-FF32F1AD928D}C:\users\jacob\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jacob\program files (x86)\dna\btdna.exe |
"UDP Query User{25392EA1-7668-402A-8EC5-887BE9DA8E2A}C:\users\jacob\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jacob\program files (x86)\dna\btdna.exe |
"UDP Query User{281251E5-D6D6-4060-8301-B87905504EE2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{9179DB68-512C-47FF-AB41-DE030A948A3A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A348C751-0EFF-4B9D-8065-B5339BEFBE27}" = HP Help and Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{A6A95C2E-D8F9-4A19-8C87-4A0088844396}" = DigitalPersona Personal 3.0.0
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Ask Toolbar_is1" = Ask Toolbar
"CentraClient" = Centra Client
"Cucusoft iPhone/iTouch/iPod to Computer Transfer_is1" = iPhone/iTouch/iPod to Computer Transfer 5.1.8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"Google Updater" = Google Updater
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"RealPlayer 6.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2009 11:50:47 PM | Computer Name = Jacob-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/7/2009 12:14:54 AM | Computer Name = Jacob-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/7/2009 10:25:40 AM | Computer Name = Jacob-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/7/2009 12:40:13 PM | Computer Name = Jacob-PC | Source = Perflib | ID = 1023
Description =

Error - 11/7/2009 12:40:15 PM | Computer Name = Jacob-PC | Source = Perflib | ID = 1008
Description =

Error - 11/7/2009 12:40:15 PM | Computer Name = Jacob-PC | Source = Perflib | ID = 1023
Description =

Error - 11/9/2009 10:27:28 PM | Computer Name = Jacob-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/11/2009 12:02:24 AM | Computer Name = Jacob-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/12/2009 4:02:49 AM | Computer Name = Jacob-PC | Source = Windows Search Service | ID = 3006
Description =

Error - 11/12/2009 4:02:50 AM | Computer Name = Jacob-PC | Source = Windows Search Service | ID = 3007
Description =

[ DigitalPersona Pro Events ]
Error - 6/3/2009 10:32:33 AM | Computer Name = Jacob-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 6/3/2009 10:32:44 AM | Computer Name = Jacob-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 6/5/2009 5:36:24 PM | Computer Name = Jacob-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 6/7/2009 10:22:00 AM | Computer Name = Jacob-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 6/11/2009 9:40:49 AM | Computer Name = Jacob-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 6/11/2009 10:37:50 PM | Computer Name = Jacob-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 6/11/2009 11:26:52 PM | Computer Name = Jacob-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 6/15/2009 8:39:45 AM | Computer Name = Jacob-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 6/15/2009 11:39:42 AM | Computer Name = Jacob-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 6/15/2009 12:01:47 PM | Computer Name = Jacob-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

[ Media Center Events ]
Error - 8/6/2009 11:47:04 AM | Computer Name = Jacob-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 8/6/2009 11:59:47 AM | Computer Name = Jacob-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 8/6/2009 12:03:47 PM | Computer Name = Jacob-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 9/25/2009 7:09:08 AM | Computer Name = Jacob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 10/11/2009 11:37:48 PM | Computer Name = Jacob-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/19/2009 6:15:23 PM | Computer Name = Jacob-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 5/14/2009 2:40:49 AM | Computer Name = Jacob-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR8, has a bad block.

Error - 5/14/2009 2:40:53 AM | Computer Name = Jacob-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR8, has a bad block.

Error - 5/14/2009 2:40:57 AM | Computer Name = Jacob-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR8, has a bad block.

Error - 5/14/2009 2:41:01 AM | Computer Name = Jacob-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR8, has a bad block.

Error - 5/14/2009 2:41:05 AM | Computer Name = Jacob-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR8, has a bad block.

Error - 5/14/2009 2:41:09 AM | Computer Name = Jacob-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR8, has a bad block.

Error - 5/14/2009 2:41:13 AM | Computer Name = Jacob-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR8, has a bad block.

Error - 5/14/2009 10:26:49 PM | Computer Name = Jacob-PC | Source = HTTP | ID = 15016
Description =

Error - 5/19/2009 8:18:24 AM | Computer Name = Jacob-PC | Source = HTTP | ID = 15016
Description =

Error - 5/20/2009 9:00:50 PM | Computer Name = Jacob-PC | Source = HTTP | ID = 15016
Description =


< End of report >




OTL logfile created on: 11/12/2009 7:55:50 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Jacob\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.37% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.58 Gb Total Space | 108.88 Gb Free Space | 49.59% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 2.43 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACOB-PC
Current User Name: Jacob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/12 19:55:41 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Jacob\Downloads\OTL.exe
PRC - [2009/11/06 22:56:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/06 22:56:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/06 22:56:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/06 22:56:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/31 22:30:11 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/31 22:30:11 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/08/14 15:32:50 | 00,083,440 | ---- | M] (Google) -- C:\Users\Jacob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/08/14 15:32:50 | 00,083,440 | ---- | M] (Google) -- C:\Users\Jacob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/08/14 15:32:50 | 00,083,440 | ---- | M] (Google) -- C:\Users\Jacob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/08/14 15:32:50 | 00,083,440 | ---- | M] (Google) -- C:\Users\Jacob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/08/14 15:32:50 | 00,083,440 | ---- | M] (Google) -- C:\Users\Jacob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/08/14 15:32:50 | 00,083,440 | ---- | M] (Google) -- C:\Users\Jacob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/08/14 15:32:50 | 00,083,440 | ---- | M] (Google) -- C:\Users\Jacob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/21 06:16:39 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/05/01 15:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/05/01 15:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/05/01 15:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/05/01 15:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/05/01 15:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2007/12/19 21:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 21:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 21:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 21:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/12/19 21:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/09/20 13:12:02 | 00,671,744 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2007/09/20 13:12:02 | 00,671,744 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2007/09/20 13:02:58 | 00,299,008 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2007/09/20 13:02:58 | 00,299,008 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/01/09 05:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/09 05:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2009/11/12 19:55:41 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Jacob\Downloads\OTL.exe
MOD - [2009/07/17 09:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/05/08 14:54:09 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/20 21:52:09 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2008/01/20 21:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/20 21:49:43 | 01,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2008/01/20 21:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2008/01/20 21:49:32 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2008/01/20 21:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/28 20:21:28 | 00,660,256 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/07/10 09:28:28 | 00,412,672 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2009/07/21 06:16:39 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009/06/07 12:26:56 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c9e7952aa383cb)
SRV - [2009/06/07 12:26:39 | 00,183,280 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/27 13:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/06/19 20:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/05/01 15:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/04/03 10:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2007/12/19 21:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc)
SRV - [2007/12/19 21:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched)
SRV - [2007/09/20 13:02:58 | 00,299,008 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2007/09/19 19:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/01/09 05:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/10/20 17:05:47 | 00,247,312 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2009/10/20 17:05:47 | 00,038,416 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2009/08/28 18:42:52 | 00,049,152 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 13:17:08 | 00,034,152 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/17 14:50:30 | 04,751,360 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/10/09 09:17:06 | 00,005,120 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2008/07/21 16:34:42 | 00,147,984 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2008/07/09 16:28:32 | 00,026,128 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2008/03/13 17:02:50 | 00,033,296 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\klfltdev.sys -- (KLFLTDEV)
DRV:64bit: - [2008/03/04 02:32:46 | 00,222,720 | ---- | M] () -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/01/20 21:47:28 | 00,046,080 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 21:47:04 | 00,098,816 | ---- | M] () -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio)
DRV:64bit: - [2008/01/20 21:46:57 | 00,286,720 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/10/01 06:26:06 | 00,207,872 | ---- | M] () -- C:\Windows\SysNative\drivers\CHDART64.sys -- (HdAudAddService)
DRV:64bit: - [2007/08/28 17:46:46 | 00,217,088 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV)
DRV:64bit: - [2007/08/15 03:22:00 | 00,369,152 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/08/08 19:39:46 | 00,060,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 21:45:52 | 00,057,856 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 22:33:54 | 00,055,296 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/13 00:35:44 | 00,381,976 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/11 12:30:34 | 00,009,088 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/07/10 09:28:16 | 00,010,240 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/06/28 10:09:56 | 03,148,288 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2007/06/20 07:32:58 | 01,478,656 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/06/20 07:30:18 | 00,292,864 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/06/20 07:29:14 | 00,740,352 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/06/18 19:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/04/18 09:57:50 | 00,167,784 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/10/09 21:09:03 | 00,742,696 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 21:13:22 | 00,550,912 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/06/18 18:27:24 | 00,017,024 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/18 18:26:50 | 00,094,208 | ---- | M] (Conexant) -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.skreemr.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/09 09:03:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/23 22:30:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 22:56:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/06 22:56:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/10/20 16:52:12 | 00,000,000 | ---D | M]

[2009/05/08 18:15:34 | 00,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Mozilla\Extensions
[2009/05/08 18:15:34 | 00,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/12 09:04:49 | 00,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\ed5bmdej.default\extensions
[2009/08/27 08:32:33 | 00,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\ed5bmdej.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/21 14:16:29 | 00,000,945 | ---- | M] () -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\ed5bmdej.default\searchplugins\youtube-video-search.xml
[2009/10/30 14:12:38 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/06 22:56:46 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/08 19:35:16 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/13 21:59:22 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/28 20:39:00 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/06 22:56:44 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 22:56:44 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2009/10/27 15:02:24 | 00,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPCentraUpdater.dll
[2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/06 22:56:44 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 22:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/10/14 20:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/09 19:19:56 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/09 19:19:56 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/09 19:19:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/09 19:19:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/09 19:19:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/09 19:19:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/09 19:19:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
[2009/08/19 08:23:58 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/19 08:23:58 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/19 08:23:58 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/19 08:23:58 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/19 08:23:58 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/08/19 08:23:58 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/19 08:23:58 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Jacob\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9:64bit: - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\kloehk.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\adialhk.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/10 23:09:32 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDApi.dll
[2009/11/06 22:47:39 | 00,000,000 | -HSD | C] -- C:\found.001
[2009/11/04 09:11:12 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/04 09:11:10 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/11/02 17:50:11 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/02 17:50:10 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/02 17:50:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2009/10/30 14:04:33 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2009/10/30 13:41:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2009/10/30 11:00:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/28 05:43:59 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/28 05:43:58 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/28 05:43:53 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/27 15:02:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Centra
[2009/10/21 14:58:11 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/21 14:58:10 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/21 14:58:10 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/21 14:58:10 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/21 14:58:09 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/21 14:58:09 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/21 14:58:09 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/21 14:58:09 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/21 14:58:09 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/21 14:58:09 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/21 14:58:09 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/21 14:58:09 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/21 14:58:09 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/21 14:58:08 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/21 14:58:08 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/21 14:58:08 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/21 14:58:08 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/21 14:58:08 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/20 16:59:14 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/10/17 08:05:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2009/10/15 16:35:24 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009/10/15 16:35:24 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009/10/15 16:35:21 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009/10/15 16:35:21 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009/10/15 16:35:21 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009/10/15 16:35:09 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/15 16:34:56 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/15 16:34:52 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/14 17:23:24 | 00,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\AIM
[2 C:\Users\Jacob\Documents\*.tmp files -> C:\Users\Jacob\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/12 19:56:44 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/12 19:56:44 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/12 19:56:44 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/12 19:55:54 | 02,621,440 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT
[2009/11/12 19:52:38 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/12 19:50:27 | 00,055,141 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/12 19:50:27 | 00,055,141 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/12 19:50:22 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/12 19:49:58 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 19:49:57 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 19:49:51 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/12 19:49:48 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/12 19:49:33 | 32,195,13344 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/12 18:45:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3237222369-388278101-2204809965-1000UA.job
[2009/11/12 18:45:00 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3237222369-388278101-2204809965-1000Core.job
[2009/11/12 18:34:59 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/12 17:57:58 | 00,876,604 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.dat
[2009/11/12 17:55:19 | 00,005,556 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.idx
[2009/11/12 08:53:14 | 00,407,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/12 03:01:42 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A682697D-0A82-4166-A37F-41B39069E563}.job
[2009/11/11 22:33:45 | 00,012,696 | ---- | M] () -- C:\Users\Jacob\Documents\AC 741 Case 1.9 - Qwest The Revenue Recognition Principle.docx
[2009/11/11 19:43:44 | 06,424,857 | ---- | M] () -- C:\Users\Jacob\Desktop\01 Nothing Left to Lose.mp3
[2009/11/11 19:43:41 | 05,383,131 | ---- | M] () -- C:\Users\Jacob\Desktop\09 Fans.mp3
[2009/11/10 07:57:29 | 06,315,068 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat
[2009/11/10 07:57:29 | 00,062,660 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx
[2009/11/10 07:57:28 | 00,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{4f1a4196-c4fd-11de-8c94-001d72666f2b}.TMContainer00000000000000000001.regtrans-ms
[2009/11/10 07:57:28 | 00,065,536 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{4f1a4196-c4fd-11de-8c94-001d72666f2b}.TM.blf
[2009/11/10 07:57:13 | 02,298,977 | -H-- | M] () -- C:\Users\Jacob\AppData\Local\IconCache.db
[2009/11/09 22:37:19 | 00,032,256 | ---- | M] () -- C:\Users\Jacob\Documents\Midterm Exam.doc
[2009/11/08 22:41:24 | 00,013,176 | ---- | M] () -- C:\Users\Jacob\Documents\tax research memo.docx
[2009/11/08 20:26:46 | 00,011,988 | ---- | M] () -- C:\Users\Jacob\Documents\tax planning memo.docx
[2009/11/06 22:56:30 | 00,055,141 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/06 22:56:30 | 00,055,141 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/05 13:05:58 | 28,155,840 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/11/02 20:42:06 | 00,226,688 | ---- | M] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/11/02 17:50:50 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/01 11:14:52 | 00,012,573 | ---- | M] () -- C:\Users\Jacob\Documents\AC 741 Case 1.7 - WorldCom The Matching Principle.docx
[2009/10/30 11:00:29 | 00,001,888 | ---- | M] () -- C:\Users\Jacob\Desktop\HijackThis.lnk
[2009/10/30 08:39:20 | 00,013,392 | ---- | M] () -- C:\Users\Jacob\Documents\Crowe cover letter.docx
[2009/10/30 08:38:42 | 00,000,162 | -H-- | M] () -- C:\Users\Jacob\Documents\~$owe cover letter.docx
[2009/10/30 08:25:24 | 00,029,184 | ---- | M] () -- C:\Users\Jacob\Documents\mcgladrey cover letter.doc
[2009/10/30 08:21:41 | 00,013,309 | ---- | M] () -- C:\Users\Jacob\Documents\mcgladrey cover letter.docx
[2009/10/30 07:21:38 | 00,036,352 | ---- | M] () -- C:\Users\Jacob\Documents\resume.doc
[2009/10/30 07:17:31 | 00,017,083 | ---- | M] () -- C:\Users\Jacob\Documents\resume.docx
[2009/10/29 22:44:23 | 00,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{4f1a4196-c4fd-11de-8c94-001d72666f2b}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 07:00:37 | 00,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{6d8802d7-c482-11de-aae5-001d72666f2b}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 07:00:37 | 00,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{6d8802d7-c482-11de-aae5-001d72666f2b}.TMContainer00000000000000000001.regtrans-ms
[2009/10/29 07:00:37 | 00,065,536 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{6d8802d7-c482-11de-aae5-001d72666f2b}.TM.blf
[2009/10/28 09:46:40 | 00,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{05792c0b-bb8c-11de-9b38-001d72666f2b}.TMContainer00000000000000000001.regtrans-ms
[2009/10/28 09:46:40 | 00,065,536 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{05792c0b-bb8c-11de-9b38-001d72666f2b}.TM.blf
[2009/10/28 09:39:44 | 00,001,877 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/10/26 14:14:15 | 00,042,229 | ---- | M] () -- C:\Users\Jacob\Documents\Case2.zip
[2009/10/21 21:14:52 | 09,236,480 | ---- | M] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/21 17:36:56 | 01,638,912 | ---- | M] () -- C:\Windows\SysNative\mshtml.tlb
[2009/10/21 05:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/21 03:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/20 22:09:24 | 00,013,838 | ---- | M] () -- C:\Users\Jacob\Documents\Case 2.xlsx.docx
[2009/10/20 20:43:18 | 00,036,126 | ---- | M] () -- C:\Users\Jacob\Documents\Case 2.xlsx
[2009/10/20 17:05:47 | 00,247,312 | ---- | M] () -- C:\Windows\SysNative\drivers\klif.sys
[2009/10/20 17:05:47 | 00,038,416 | ---- | M] () -- C:\Windows\SysNative\drivers\klbg.sys
[2009/10/20 17:05:46 | 00,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2009/10/20 17:05:46 | 00,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2009/10/18 22:15:24 | 00,000,165 | -H-- | M] () -- C:\Users\Jacob\Documents\~$Case 2.xlsx
[2009/10/18 22:15:20 | 00,000,162 | -H-- | M] () -- C:\Users\Jacob\Documents\~$se 2.xlsx.docx
[2009/10/17 21:22:45 | 00,027,335 | ---- | M] () -- C:\Users\Jacob\AppData\Roaming\nvModes.001
[2009/10/17 21:15:57 | 00,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{05792c0b-bb8c-11de-9b38-001d72666f2b}.TMContainer00000000000000000002.regtrans-ms
[2009/10/17 07:57:37 | 00,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{77b4892f-bb1c-11de-a51c-001d72666f2b}.TMContainer00000000000000000002.regtrans-ms
[2009/10/17 07:57:37 | 00,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{77b4892f-bb1c-11de-a51c-001d72666f2b}.TMContainer00000000000000000001.regtrans-ms
[2009/10/17 07:57:37 | 00,065,536 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{77b4892f-bb1c-11de-a51c-001d72666f2b}.TM.blf
[2009/10/16 02:50:24 | 00,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/10/16 02:50:24 | 00,065,536 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/10/13 21:39:49 | 00,018,339 | ---- | M] () -- C:\Users\Jacob\Documents\AC 750 Tax Test 1.docx
[2009/10/13 21:12:57 | 00,020,545 | ---- | M] () -- C:\Users\Jacob\Documents\CASE_2 Facts.docx
[2009/10/13 21:12:42 | 00,015,829 | ---- | M] () -- C:\Users\Jacob\Documents\Flintstones Tax Return.xlsx
[2 C:\Users\Jacob\Documents\*.tmp files -> C:\Users\Jacob\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/11 20:50:09 | 00,012,696 | ---- | C] () -- C:\Users\Jacob\Documents\AC 741 Case 1.9 - Qwest The Revenue Recognition Principle.docx
[2009/11/10 23:09:32 | 00,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2009/11/10 23:09:25 | 02,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2009/11/09 22:37:19 | 00,032,256 | ---- | C] () -- C:\Users\Jacob\Documents\Midterm Exam.doc
[2009/11/08 18:02:38 | 00,011,988 | ---- | C] () -- C:\Users\Jacob\Documents\tax planning memo.docx
[2009/11/08 17:28:19 | 00,013,176 | ---- | C] () -- C:\Users\Jacob\Documents\tax research memo.docx
[2009/11/04 09:11:11 | 09,236,480 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/11/04 09:11:10 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/11/02 17:50:50 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/01 11:14:51 | 00,012,573 | ---- | C] () -- C:\Users\Jacob\Documents\AC 741 Case 1.7 - WorldCom The Matching Principle.docx
[2009/10/31 14:50:28 | 00,000,434 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{A682697D-0A82-4166-A37F-41B39069E563}.job
[2009/10/30 11:00:14 | 00,001,888 | ---- | C] () -- C:\Users\Jacob\Desktop\HijackThis.lnk
[2009/10/30 08:38:42 | 00,000,162 | -H-- | C] () -- C:\Users\Jacob\Documents\~$owe cover letter.docx
[2009/10/30 08:38:41 | 00,013,392 | ---- | C] () -- C:\Users\Jacob\Documents\Crowe cover letter.docx
[2009/10/30 08:19:49 | 00,029,184 | ---- | C] () -- C:\Users\Jacob\Documents\mcgladrey cover letter.doc
[2009/10/30 07:49:57 | 00,013,309 | ---- | C] () -- C:\Users\Jacob\Documents\mcgladrey cover letter.docx
[2009/10/30 07:21:37 | 00,036,352 | ---- | C] () -- C:\Users\Jacob\Documents\resume.doc
[2009/10/29 21:39:31 | 00,524,288 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{4f1a4196-c4fd-11de-8c94-001d72666f2b}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 21:39:31 | 00,524,288 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{4f1a4196-c4fd-11de-8c94-001d72666f2b}.TMContainer00000000000000000001.regtrans-ms
[2009/10/29 21:39:31 | 00,065,536 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{4f1a4196-c4fd-11de-8c94-001d72666f2b}.TM.blf
[2009/10/29 07:00:37 | 00,524,288 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{6d8802d7-c482-11de-aae5-001d72666f2b}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 07:00:37 | 00,524,288 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{6d8802d7-c482-11de-aae5-001d72666f2b}.TMContainer00000000000000000001.regtrans-ms
[2009/10/29 07:00:37 | 00,065,536 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{6d8802d7-c482-11de-aae5-001d72666f2b}.TM.blf
[2009/10/28 09:51:21 | 00,055,141 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/28 09:51:19 | 00,055,141 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/28 05:44:00 | 00,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2009/10/28 05:43:59 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/10/28 05:43:53 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/10/26 14:14:15 | 00,042,229 | ---- | C] () -- C:\Users\Jacob\Documents\Case2.zip
[2009/10/21 14:58:13 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/10/21 14:58:10 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/10/21 14:58:10 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/10/21 14:58:09 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/21 14:58:09 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/10/21 14:58:09 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/10/21 14:58:09 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/21 14:58:09 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/10/21 14:58:09 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/21 14:58:09 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/21 14:58:08 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/10/21 14:58:08 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/10/21 14:58:08 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/10/21 14:58:08 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/10/21 14:58:08 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/10/21 14:58:08 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/21 14:58:08 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/10/21 14:58:08 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/18 22:15:24 | 00,000,165 | -H-- | C] () -- C:\Users\Jacob\Documents\~$Case 2.xlsx
[2009/10/18 22:15:20 | 00,000,162 | -H-- | C] () -- C:\Users\Jacob\Documents\~$se 2.xlsx.docx
[2009/10/17 21:15:57 | 00,524,288 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{05792c0b-bb8c-11de-9b38-001d72666f2b}.TMContainer00000000000000000002.regtrans-ms
[2009/10/17 21:15:57 | 00,524,288 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{05792c0b-bb8c-11de-9b38-001d72666f2b}.TMContainer00000000000000000001.regtrans-ms
[2009/10/17 21:15:57 | 00,065,536 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{05792c0b-bb8c-11de-9b38-001d72666f2b}.TM.blf
[2009/10/17 15:17:55 | 00,013,838 | ---- | C] () -- C:\Users\Jacob\Documents\Case 2.xlsx.docx
[2009/10/17 08:05:39 | 00,001,877 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/10/17 07:57:37 | 00,524,288 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{77b4892f-bb1c-11de-a51c-001d72666f2b}.TMContainer00000000000000000002.regtrans-ms
[2009/10/17 07:57:37 | 00,524,288 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{77b4892f-bb1c-11de-a51c-001d72666f2b}.TMContainer00000000000000000001.regtrans-ms
[2009/10/17 07:57:37 | 00,065,536 | -HS- | C] () -- C:\Users\Jacob\NTUSER.DAT{77b4892f-bb1c-11de-a51c-001d72666f2b}.TM.blf
[2009/10/15 16:35:38 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/15 16:35:25 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2009/10/15 16:35:25 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2009/10/15 16:35:22 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2009/10/15 16:35:21 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2009/10/15 16:35:21 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2009/10/15 16:35:09 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/15 16:34:56 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/10/15 16:34:54 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/15 16:34:52 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 21:35:32 | 00,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3237222369-388278101-2204809965-1000UA.job
[2009/10/13 21:35:29 | 00,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3237222369-388278101-2204809965-1000Core.job
[2009/10/13 21:12:56 | 00,020,545 | ---- | C] () -- C:\Users\Jacob\Documents\CASE_2 Facts.docx
[2009/10/13 21:12:42 | 00,015,829 | ---- | C] () -- C:\Users\Jacob\Documents\Flintstones Tax Return.xlsx
[2009/10/13 21:12:23 | 00,036,126 | ---- | C] () -- C:\Users\Jacob\Documents\Case 2.xlsx
[2009/06/15 11:20:48 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/11 21:13:54 | 00,018,944 | ---- | C] () -- C:\Users\Jacob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 02:09:36 | 02,298,977 | -H-- | C] () -- C:\Users\Jacob\AppData\Local\IconCache.db
[2009/05/20 20:01:39 | 00,007,592 | ---- | C] () -- C:\Users\Jacob\AppData\Local\d3d9caps.dat
[2009/05/16 22:40:03 | 00,027,335 | ---- | C] () -- C:\Users\Jacob\AppData\Roaming\nvModes.001
[2009/05/15 12:39:39 | 00,027,335 | ---- | C] () -- C:\Users\Jacob\AppData\Roaming\nvModes.dat
[2009/05/10 13:19:33 | 00,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/10 13:19:33 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/05/08 19:07:35 | 01,101,136 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009/05/08 18:10:55 | 00,112,440 | ---- | C] () -- C:\Users\Jacob\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/05/08 18:10:44 | 00,000,000 | ---- | C] () -- C:\Users\Jacob\AppData\Local\QSwitch.txt
[2009/05/08 18:10:44 | 00,000,000 | ---- | C] () -- C:\Users\Jacob\AppData\Local\DSwitch.txt
[2009/05/08 18:10:44 | 00,000,000 | ---- | C] () -- C:\Users\Jacob\AppData\Local\AtStart.txt
[2009/05/08 16:18:59 | 00,001,035 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/14 16:47:06 | 00,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 10:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 10:07:25 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 10:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:0CE7F3C9
< End of report >

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:16 AM

Posted 13 November 2009 - 08:09 AM

Hi,

first of all you should never have more than one anti virus program on your system.
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Kaspersky.

Then I would like to ask you to run a scan with Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Please also try to run a chkdsk from CD:
Booting into the Windows Vista WinRE Environment using Windows Vista disk

Please insert your Windows Vista installation media into your CD-Rom/DVD drive and reboot your computer. During the reboot and at boot up you should see Press Any key to Boot from CD/DVD.... If you see that please press any key to continue and continue and follow the next set of instructions on "Using the Vista CD Disk to Access the Vista WinRE Environment". If not, please follow the next set of instructions on "How to Configure the System to Boot from CD/DVD" and then follow the steps to "Using the Vista CD Disk to Access the Vista WinRE Environment ".

How to Configure the system to boot from CD/DVD

Some machines will automatically attempt boot from the CD if a CD is inserted, if that is the case, please skip the instructions below...
  • Please reboot your machine or turn it on (Without the CD)
  • As soon as the BIOS is loaded begin tapping tapping the F2 or F12 or perhaps F9, F10 or F11 (try all of them if unsure, starting with F2)
  • Different Machines have different keys.
  • This will bring up the configuration options, please use your arrow keys to go to the Boot Tab.
  • In the Boot tab, there should be instructions on your right-hand side on how to move your CD/DVD as the top or First Priority
  • After you have moved CD/DVD at the top/first priority, please make sure you SAVE AND EXIT <- Important
  • It will now exit with Configuration settings saved.
Using the Vista CD Disk to Access the Vista WinRE Environment
  • Insert the Windows Vista disk in your computer.
  • Restart your computer so you are booting off of the CD.
  • During the reboot and boot up you will get a message saying: "Press any key to boot from CD", press Enter on your keyboard.
  • Select your language options, Time and Keyboard and press Next
  • At the next prompt press Posted Image
  • Select your Operating System (Windows Vista; the main one) from the list, and then press Next
  • Now press the Command Prompt option.
  • Enter the following code line by line one at a time and pressing enter on your keyboard on each line.
  • Wait for each command to be completed before continuing with the next one.
    chkdsk /r
  • Press the Restart button Posted Image and remove your Windows Vista disk from the DVD drive. Windows should now begin to load.
Let me know if it finds something or if it reboots suddenly.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 hodgepodge13

hodgepodge13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 13 November 2009 - 08:21 AM

Hi, here is the log of the malwarebytes scan. I don't know where my CD is for the chkdisk process but I will double check everything I have for it.

Malwarebytes' Anti-Malware 1.41
Database version: 3159
Windows 6.0.6001 Service Pack 1

11/13/2009 8:20:21 AM
mbam-log-2009-11-13 (08-20-21).txt

Scan type: Quick Scan
Objects scanned: 92516
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:16 AM

Posted 13 November 2009 - 09:07 AM

Hi,

please try the following commands to remove the chkdsk running on startup:

1. click on your start menu and open the run dialog.
2. type "cmd" and return (note: dont enter quotes)
3. Next type "fsutil dirty query X:"
4. If the return message indicates that the volume is dirty go to step 5
5. Next type "chkdsk X: /f /x"
6. After that finshes repeat step 3.
7. If it is no longer dirty then reboot and you should notice no more
ckdisk.

Replace X with the letter of the drive being scanned.

regards myrti

Edited by myrti, 13 November 2009 - 09:07 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 hodgepodge13

hodgepodge13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 13 November 2009 - 09:15 AM

The chkdisk ran successfully the last couple of reboots. Each time finding things (though I can't recall what they were, it goes so fast. Next time I'll try and write down anything I see). However, it still runs each startup

As far as the latest set of instructions, for some reason when I enter that in the command prompt it says I need administrative privileges. However, I am the administrator and the only user of this computer. I checked my user account type just to be sure and it does say "administrator." Any suggestions?

#10 hodgepodge13

hodgepodge13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 13 November 2009 - 09:19 AM

Nevermind figured it out. Says I need to restart. Will note any things fixed.

#11 hodgepodge13

hodgepodge13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 13 November 2009 - 09:30 AM

OK, so in stage 1 it deleted some corrupt attribute records (128, "") and orphan file record segments

In stage 2 it recovered some orphan files

In stage 3 it inserted data attributes.

So i re-did the fsutil dirty query and it says it is not dirty!

Is that probably it and I shouldn't have these freeze-ups and random shutdowns or is there probably more?

Either way, thanks so much!

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:16 AM

Posted 13 November 2009 - 06:41 PM

Hi,

I haven't seen indications for malware so far, so I would check other options, such as defective hardware or a configuration/software problem.

Did the scan on reboot stop?

Just to be safe I would also like to ask for an online scan with Eset:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 hodgepodge13

hodgepodge13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 14 November 2009 - 01:12 PM

It didn't find anything and my computer seems to be running a lot better now. I'm definitely still open to running more scans/tests if you think it's a good idea though.

If not and you think everything is OK. I just want to say thanks again. I really appreciate it.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:16 AM

Posted 15 November 2009 - 07:35 PM

Hi,

your logs are clean, so I guess your PC should be clean as well. :( I would like to ask you to update your software next, unless you have any remaining problems?

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

Please post back with any problems you might have.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 hodgepodge13

hodgepodge13
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 15 November 2009 - 10:32 PM

So I updated my java, thanks for the heads up on that. And everything seems to be working well now. So thanks!

Really, thanks for the patience and reopening the topic and all your help. I really appreciate it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users