
Blue screen after welcome to windows screen on boot up.


  • This topic is locked
7 replies to this topic

#1 air1


Posted 26 February 2011 - 12:17 AM

Compaq presario v6200us and Vista home premium.

I have one year experience so bear with me as I will use terms outside of their intended use. And my memory of my computers recent fiasco is all murky as I have been cramming too much new information into my brain at one time as I am trying to learn how to use computers.

One day I visited a site called something starting with the word "Daddy's" followed by "software cupboard" I think. <_<

I downloaded the openware program PDF Creator from their site. It was loaded with other things of which I had to allow to be able to download it. Of which... I can remember was... Weather bug, the other stuff I can't remember. I downloaded anyways as I knew I could uninstall the extras.

During the install a warning or failure notice about locked files came up. It continued to load though...I thought I had clicked the stop button.
I received a warning from Winpatrol of a "NEW" Cashe daemon trying to insert itself into my startup. It had little info listed.
I cross referenced what little info it did have on Uniblue and your Database a few others and could not find an "Exact" match.
I repeatedly told win patrol to not allow it...as it was persistent, but eventually as winpatrol thought it to be necessary file to my Os and the date listed of when Winpatrol first encountered it was the Date I installed winpatrol last year....so I allowed it. I don't understand why Winpatrol would be notifying me of a startup that was supposedly already there and checked out. :wacko: Unless it was modified in some way maybe????

I uninstalled Weather Bug and I think a browser tool bar that had come with it.

I was having intermittent programs not responding and shutting down. IE was having issues so I went to uninstall the PDF creator and it was not listed in add and remove programs nor Revo uninstaller.

I checked reviews from the site and others have had installation problems with the locked files and installation and uninstallation none of their problems matched mine completely. I was able to use the program but not uninstall it.

I used my system restore and rolled back to the restore point listed as Weather bug, as PDF creator restore point was not listed. Well this did not remove Pdf Creator... it seems to be invisible to my computer... yet I can still use it.

I used a file searcher program called Everything to locate all the files and delete them manually. I used the term Pdf creator and found and erased about 15 files maybe? :blink:

I then ran Mbam full scan and after 35 minutes it quit responding. I ran Super-anti SW and it removed 3 adwares.

Then I ran MSSE full scan and after 2.5 hrs it found and removed 2 or 3 trojans, and if I'm correct a bot also.

2 days later another program quit responding and I was just nervous enough to seek your help and instead I walked myself through your tutorial on HJTs and two others as I have a hard time with instructions..... due to my inexperience.

After 6 hours of careful effort...I let HJTs fix a few things I will do my best to describe what I did.

A couple of Ro's and an R3 and one F? Only things that the tutorials didn't list as scary like the 010's. It was entries ending in = signs with nothing after it. :crazy: I also let it fix the Missing comma at the end of the ???? :wacko:
When I did..... Scotty the barking dog from Winpatrol warned me that a new startup was trying to get into my startup log...it was this file HJTs had changed and I allowed it.

I had noted one 04 and two 09 entries to take care of in safe mode. I immediately restarted and hit F8 to go into safe mode to take care of these other entries.

Mind you these 04's and 09's were only Google side wiki and some kind of sidebar which I thought to be the Desktop one which I don't use. I'm mentioning this because I went through and cross referenced every single entry HJTS had listed on my scan report and nothing came up conclusive as a malware. Except the one R3 entry which I could not reference on uniblue.

Ok back to safe mode escapade....... I get to a screen that has safe mode written in all 4 corners of my screen but nothing else happened... so I soft booted or manually turned off and restarted my computer...... and it started the boot sequence and I see the welcome screen by Windows. Then it goes to Blue-screen every time just when the desktop is supposed to come on.

I have hit F8 and tried the repair computer problems selection....it tells me that my computer failed to boot due to a necessary item that is inaccessible. It prompts me to load a vista disk and reboot...a disk which I do not have...and I have tried downloading and burning this repair disk.. but this computer I am using has no writeable dvd-rom. I copied the file to my thumb drive and passed it to my Dad who burned it for me...probably incorrectly....but he won't let anyone on his system..

I inserted the disk in my notebook and it doesn't seem to be able to read it. (probably my Dad's fault he's burned it twice and still no read on my notebook nor this computer which also is Vista.) I thought I would check first with you before I go any further and irritate my father into burning it again.

Thank you for reading this....whomever may help.

Edited by air1, 26 February 2011 - 01:40 AM.

Nooo - I'm not running multiple real time antisoftware I've evolved past that error.


My momma said I'm not too bright --but I can lift heavy things.



#2 Elise


Posted 03 March 2011 - 05:16 PM

Hi, first of all, let's have a look at the BSOD code.

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    [image]
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    [image]
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 air1


Posted 05 March 2011 - 12:13 AM

Thank you Elise for replying. I took my computer to a friend. He typed in run exp. to start explorer from the task manager. Turns out the Blue screen was not a blue screen after all. It was bluish Turquoise. I suspect you were on that same trail. He then restored my computer from the system restore point before I used HJTS.

Now I'm back to the point where I feel I might still be infected and I'm curious as to why my task bar keeps splashing my screen every ten seconds.

It wasn't splashing my screen after I had used HJTS but it wouldn't boot correctly either. :lmao:

When he looked into system error reporting it said several important system files were missing. Obviously I had erased them with HJTS. :huh:

So may I humbly request someone who is qualified to read my HJTs report and let me know if I am infected? :whistle:



#4 Elise


Posted 05 March 2011 - 05:20 AM

In that case let's do a more thorough scan. I will move this topic to the right forum.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise




#5 air1


Posted 05 March 2011 - 08:27 PM

Thank you once again Elise.
Holy mother of a report to read. You must be a genius. :mellow:
I know nothing of the sports schedule report listed in the errors. Must have been my old roommate's doing over a year ago.


OTL logfile created on: 3/5/2011 7:11:40 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Ariel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 82.04 Gb Free Space | 58.34% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 2.19 Gb Free Space | 25.96% Space Free | Partition Type: NTFS

Computer Name: JAY-PC | User Name: Ariel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/05 19:09:56 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Ariel\Desktop\OTL.exe
PRC - [2011/02/18 00:12:53 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
PRC - [2011/02/13 14:20:14 | 000,325,000 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/01/25 17:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Users\Ariel\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/08 10:10:20 | 000,450,560 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/09/08 10:09:40 | 000,184,320 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2006/01/09 12:56:04 | 000,049,152 | ---- | M] () -- C:\Windows\System32\LxrSII1s.exe


========== Modules (SafeList) ==========

MOD - [2011/03/05 19:09:56 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Ariel\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2008/09/08 10:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/09/08 10:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/23 17:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 17:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/01/09 12:56:04 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Windows\System32\LxrSII1s.exe -- (LxrSII1s)


========== Driver Services (SafeList) ==========

DRV - [2011/03/05 01:55:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E1E1452-FF65-4AAD-BA03-5BBB37685D5E}\MpKsla365ff04.sys -- (MpKsla365ff04)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/08 10:58:51 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/10/07 07:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/25 10:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/24 04:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/10 23:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/04/10 22:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/03/29 20:03:16 | 000,152,192 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTHDRVSP.sys -- (PTHDRVSP)
DRV - [2009/03/29 20:02:18 | 000,152,064 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTHDRMDM.sys -- (PTHDRMDM)
DRV - [2009/03/29 20:01:16 | 000,041,984 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTHDRBUS.sys -- (PTHDRBUS)
DRV - [2008/08/25 02:22:00 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/01 17:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/03 10:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 00:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/21 19:03:55 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/07/10 04:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/11 20:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/03/27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/12/14 08:37:40 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk
IE - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D F0 E8 B3 49 E2 CA 01 [binary data]
IE - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bing.zugo.com/?cfg=2-80-0-VmLB
IE - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ariel\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\..Trusted Domains: dropbox.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\..Trusted Domains: dropbox.com ([dl] * in Trusted sites)
O15 - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\..Trusted Domains: dropbox.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\..Trusted Domains: flonga.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\..Trusted Domains: imdb.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3811219389-4089082538-2103765479-1002\..Trusted Domains: netflix.com ([]* in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 19:59:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 19:09:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Ariel\Desktop\OTL.exe
[2011/02/23 00:34:28 | 000,000,000 | ---D | C] -- C:\Users\Ariel\Documents\HostsXpert[1]
[2011/02/20 22:47:22 | 000,000,000 | ---D | C] -- C:\Users\Ariel\AppData\Roaming\Mozilla
[2011/02/20 14:27:45 | 000,000,000 | ---D | C] -- C:\Users\Ariel\AppData\Roaming\WeatherBug
[2011/02/20 14:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/02/18 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Ariel\AppData\Roaming\Spesoft Image Converter
[2011/02/18 17:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011/02/18 17:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spesoft Image Converter
[2011/02/18 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SIC
[2011/02/18 17:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spesoft Image Converter
[2011/02/18 17:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/02/18 17:13:14 | 000,000,000 | ---D | C] -- C:\Users\Ariel\Documents\Downloads
[2011/02/10 14:10:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/02/09 12:08:37 | 000,000,000 | ---D | C] -- C:\Users\Ariel\AppData\Roaming\Canon
[2011/02/09 11:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2011/02/09 11:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series User Registration
[2011/02/09 11:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/02/09 11:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series
[2011/02/09 11:26:10 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/02/09 11:05:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011/02/09 11:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series Manual
[2011/02/09 11:04:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\STRING
[2011/02/09 11:04:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\CHM
[2011/02/09 11:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2007/03/12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/05 19:15:00 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9D7127DD-B70C-421F-BD16-BEA7353FEF46}.job
[2011/03/05 19:15:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{53900B47-A2A8-4031-9546-645CD296238C}.job
[2011/03/05 19:11:11 | 000,000,680 | ---- | M] () -- C:\Users\Ariel\AppData\Local\d3d9caps.dat
[2011/03/05 19:09:56 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Ariel\Desktop\OTL.exe
[2011/03/05 18:47:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3811219389-4089082538-2103765479-1002UA.job
[2011/03/05 18:44:04 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 18:44:04 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 18:23:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/05 15:23:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/05 09:47:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3811219389-4089082538-2103765479-1002Core.job
[2011/03/05 08:30:23 | 000,077,291 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/05 08:30:23 | 000,077,291 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/05 06:39:22 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/05 06:39:22 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/05 02:00:02 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SyncBack onenotebackup.job
[2011/03/04 22:44:11 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2011/03/04 22:43:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/04 22:43:45 | 2616,012,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/04 22:33:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/22 01:30:08 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Wise Disk Cleaner Schedule Task.job
[2011/02/21 13:07:28 | 024,601,219 | ---- | M] () -- C:\Users\Ariel\Desktop\shakespearehisworldv1.pdf
[2011/02/20 22:39:37 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011/02/18 17:36:55 | 000,000,960 | ---- | M] () -- C:\Users\Ariel\Desktop\Spesoft Image Converter.lnk
[2011/02/16 04:00:59 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\AWC AutoCare.job
[2011/02/12 19:09:45 | 000,023,552 | ---- | M] () -- C:\Users\Ariel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/09 18:45:43 | 000,321,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/09 11:41:05 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2011/02/09 11:28:19 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2011/02/09 11:27:45 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2011/02/09 11:05:07 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX340 series On-screen Manual.lnk
[2011/02/08 10:51:55 | 008,428,412 | ---- | M] () -- C:\Users\Ariel\Documents\cannon instuctions.PDF
[2011/02/08 10:46:26 | 002,890,157 | ---- | M] () -- C:\Users\Ariel\Documents\cannon mx340 networking.PDF
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/05 03:01:05 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/05 03:01:05 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/05 03:01:05 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/26 19:20:01 | 2616,012,800 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/21 02:00:41 | 024,601,219 | ---- | C] () -- C:\Users\Ariel\Desktop\shakespearehisworldv1.pdf
[2011/02/20 14:26:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/02/18 17:36:55 | 000,000,960 | ---- | C] () -- C:\Users\Ariel\Desktop\Spesoft Image Converter.lnk
[2011/02/09 11:41:05 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2011/02/09 11:40:48 | 000,014,592 | ---- | C] () -- C:\Windows\System32\CNC1741D.TBL
[2011/02/09 11:28:19 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2011/02/09 11:27:45 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2011/02/09 11:05:07 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX340 series On-screen Manual.lnk
[2011/02/08 11:47:05 | 008,428,412 | ---- | C] () -- C:\Users\Ariel\Documents\cannon instuctions.PDF
[2011/02/08 10:49:31 | 002,890,157 | ---- | C] () -- C:\Users\Ariel\Documents\cannon mx340 networking.PDF
[2010/10/01 16:06:32 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/09/30 20:37:27 | 003,566,434 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
[2010/09/30 20:37:27 | 000,827,392 | ---- | C] () -- C:\Windows\System32\Mpeg4System.dll
[2010/09/30 20:37:27 | 000,167,936 | ---- | C] () -- C:\Windows\System32\Mpeg4Tools.dll
[2010/09/30 20:37:27 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Mpeg4DSF.dll
[2010/09/30 20:37:27 | 000,042,108 | ---- | C] () -- C:\Windows\System32\fun_avutil.dll
[2010/09/30 20:37:26 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AMR.dll
[2010/09/30 20:37:26 | 000,057,344 | ---- | C] () -- C:\Windows\System32\EvrcDecDll.dll
[2010/09/30 20:37:26 | 000,057,344 | ---- | C] () -- C:\Windows\System32\AMRDSF.dll
[2010/09/30 10:19:13 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/03 02:59:45 | 000,000,036 | ---- | C] () -- C:\Windows\hdd.ini
[2010/07/06 10:52:54 | 000,000,036 | ---- | C] () -- C:\Users\Ariel\AppData\Local\housecall.guid.cache
[2010/05/20 23:31:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/10/07 07:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/09/16 19:52:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 19:52:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/31 13:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/20 15:24:40 | 000,077,291 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/20 15:24:40 | 000,077,291 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/10 13:26:48 | 000,000,680 | ---- | C] () -- C:\Users\Ariel\AppData\Local\d3d9caps.dat
[2009/01/04 01:29:16 | 000,001,412 | ---- | C] () -- C:\Users\Ariel\AppData\Roaming\wklnhst.dat
[2008/11/26 19:31:40 | 000,023,552 | ---- | C] () -- C:\Users\Ariel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/19 21:46:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/19 20:40:44 | 000,007,207 | R--- | C] () -- C:\Windows\Disktool.INI
[2008/11/19 20:40:44 | 000,003,677 | R--- | C] () -- C:\Windows\PlaySnd.INI
[2008/11/13 12:10:15 | 000,027,839 | ---- | C] () -- C:\Users\Ariel\AppData\Roaming\nvModes.001
[2008/11/13 11:23:19 | 000,027,839 | ---- | C] () -- C:\Users\Ariel\AppData\Roaming\nvModes.dat
[2008/11/11 23:19:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/18 23:05:33 | 000,072,672 | ---- | C] () -- C:\Windows\System32\drivers\LxrSII1d.sys
[2008/02/18 23:05:33 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LxrSII1s.exe
[2008/01/05 22:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/05 22:01:04 | 000,000,000 | ---- | C] () -- C:\Windows\Pool.INI
[2007/08/04 19:44:33 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/04 18:29:38 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,321,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 08:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/11/04 02:19:14 | 000,006,399 | R--- | C] () -- C:\Windows\fwupgrade.ini
[2004/02/27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

========== LOP Check ==========

[2010/09/23 19:34:49 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Ashampoo
[2010/06/13 19:45:24 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Audacity
[2010/05/24 15:48:16 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Auslogics
[2009/06/02 18:47:38 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Bullzip
[2011/02/10 14:10:42 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Canon
[2010/07/06 08:02:09 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\CBS Interactive
[2010/05/02 03:01:51 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/01 16:16:37 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\DriverCure
[2011/03/04 22:44:50 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Dropbox
[2010/05/20 22:49:39 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Easeware
[2010/06/30 04:14:23 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\GetRightToGo
[2010/07/08 14:35:30 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\gtk-2.0
[2010/06/23 16:18:00 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\IObit
[2010/04/26 00:53:09 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\JGoodies
[2010/05/30 00:11:59 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\KeePass
[2010/06/07 03:19:49 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Launchy
[2009/08/26 22:10:41 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\MSNInstaller
[2008/12/18 10:10:55 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\muvee Technologies
[2010/10/01 17:04:05 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Pantech
[2010/04/10 17:02:45 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\PingPlotter
[2010/08/03 03:00:52 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\R-Wipe&Clean
[2010/07/26 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Softland
[2011/02/20 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Spesoft Image Converter
[2010/06/07 02:47:49 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Stellarium
[2010/08/15 01:31:49 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\TeamViewer
[2009/01/04 01:30:39 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Template
[2010/06/13 18:42:35 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\TeraCopy
[2011/02/20 14:27:45 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\WeatherBug
[2011/01/10 14:31:18 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Windows Live Writer
[2010/09/23 16:46:50 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\WinPatrol
[2011/02/16 04:00:59 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\AWC AutoCare.job
[2011/03/04 22:44:11 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2011/03/04 22:33:45 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/20 22:39:37 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2011/03/05 02:00:02 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\SyncBack onenotebackup.job
[2011/03/05 19:15:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{53900B47-A2A8-4031-9546-645CD296238C}.job
[2011/03/05 19:15:00 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D7127DD-B70C-421F-BD16-BEA7353FEF46}.job
[2011/02/22 01:30:08 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0CFF5F08
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A6CD15C3
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:538DC028
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:6B803FAA
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:77248999

< End of report >


OTL Extras logfile created on: 3/5/2011 7:11:40 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Ariel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 82.04 Gb Free Space | 58.34% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 2.19 Gb Free Space | 25.96% Space Free | Partition Type: NTFS

Computer Name: JAY-PC | User Name: Ariel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C6F9605-544B-49AC-BF47-44D56CBE8A3C}" = lport=139 | protocol=6 | dir=in | app=system |
"{0DDCCE92-B863-45B2-89C4-BF47C4DDE063}" = rport=138 | protocol=17 | dir=out | app=system |
"{0EE959C9-4F8C-427F-90D1-A10D78AF9BFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11194F64-E6D6-4200-9A89-E811FF052D55}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{12CEFB01-9EF1-4D8E-A4D1-D0D909DDF175}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1DF9C1BB-AA29-4843-816E-DF29C8E58434}" = rport=139 | protocol=6 | dir=out | app=system |
"{34D3B12A-9648-47D2-8C21-52EED911AF89}" = lport=445 | protocol=6 | dir=in | app=system |
"{3C3207B2-7CB5-47EB-BBA8-DB98FB97A04D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{52AFF0FB-3628-43E3-A573-4DE944F40FBE}" = lport=138 | protocol=17 | dir=in | app=system |
"{5ACBB972-FA6E-495A-9FD3-E51369AE9C02}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66EEEC77-2A99-4F3D-8E46-2078F1424ABD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6F87A14E-9278-46FE-AA03-D12E1B66FB11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70519791-D245-4879-A708-3A1B15F7B49E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{70ADCF34-9F37-4E33-BA79-4458C02381B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AB2949E-B84F-4495-A0E0-CFDF293B4700}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7CF23E7F-3B9C-410C-846D-B5285745BA4C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0834F9D-E9B7-43D6-B604-C4BB35416495}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BF3BCCCD-6376-4559-9D0C-8CE44801B493}" = rport=445 | protocol=6 | dir=out | app=system |
"{CDC2C574-5EC9-4715-AC16-BBDBAE7E829F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D673DC08-E8B3-46D5-A3CC-95FC0A6749F9}" = lport=137 | protocol=17 | dir=in | app=system |
"{FADD2C2B-B5AF-44E0-8688-9B622A0407BB}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A15658-1F48-40D0-A28A-1D60D7D5E3FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14E4C6F5-519A-4C7D-99C7-AE3DE5C51149}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CF0FA9C-AE23-4C2F-9039-598A4E3343F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AC42B38-5369-45F4-B70E-6850DE31C68B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2D38BBB6-46F1-4FBE-A02E-FC90C0302680}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{316F7994-EA79-44AC-B6C5-E451226B799C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3772F8BD-C82A-49BA-A5DA-EAC03FBFCC8D}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3FB1FA38-88A1-41BD-A613-34B27BA2F67B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{431EE99F-F731-473F-A15B-4032F0E88DD5}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{4544AC3C-8E1E-49F1-8D14-79B909AA7F88}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{51D857C9-709E-42D0-AE20-086AAAF44B36}" = protocol=6 | dir=out | app=system |
"{56E4D852-AFE3-4F2D-BCAF-DC67972DC6FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58EFD2FA-676C-4300-9CD9-6F0B7D6DD6DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5C31E7D0-D89D-4BA8-BBC1-791E55433615}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{5F6CF662-30B0-4A7F-8227-430B7A4FF80E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7AB30F00-BFE2-41CA-9948-3F9DE3FC1841}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{8594A244-76FE-4BDD-A000-D1F145FE8830}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A2469DF8-AE24-45FA-9639-30697A747D16}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A3F87F4D-289B-4E7F-9B15-49E1EC97E98C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A92B581D-9DAF-4B78-9400-6ECC3C4CAF60}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{A9CDCA96-DB47-4AD5-BB4B-967DCB4EA8BE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AA12C9EF-6032-4A99-A6F1-DB59A8B2875D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B543EB89-80E4-47EE-A978-311BF0592292}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B91F474A-715E-44A5-8B87-DDC260FC9AF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C044B3BA-4FEA-4B01-B4B4-029888F33C8C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C0B7C11F-C57A-4ACB-9365-DB3CC5896EC9}" = protocol=17 | dir=in | app=c:\users\ariel\appdata\roaming\dropbox\bin\dropbox.exe |
"{C2708D1C-8E3F-4AC6-AB67-9CB79F39E144}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C81F79AD-13FC-4833-8448-5F11DF9E2FC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CD765C8A-348E-435A-A7A3-25A2316C3ADF}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{D0611259-2A55-4055-9213-09895B0E1A72}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D65AF0D0-8187-4E83-B39D-B13BE19FA755}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6AF656E-E863-40B5-8EA5-3BD6DB78E90A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D83EACF2-666A-4C1F-AE6C-15DF4E48A039}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E16F9B99-84A3-472C-9122-4AE34FF72743}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E6A178EB-5789-4B0A-8692-FE3E7AFF2CBA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E8527556-A674-4324-BD14-F08F1084DA2B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{EA41381E-6583-4484-8E1B-16B1D755A4B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EBDE08B9-4AE6-4C29-86A1-FC562646EAC3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EE59828E-F8AF-42B8-A1B1-2644976D5910}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F9DCD1DB-D86B-4BB9-838B-F4E2C4E38462}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FBE41002-DD4A-4A89-8C62-C36F4482E099}" = protocol=6 | dir=in | app=c:\users\ariel\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{41A7B2EB-5159-4345-A035-77E297B2EBD6}C:\users\ariel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ariel\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{B7A27AF6-A2C0-4CC0-A6AE-1C30AF37C57D}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"TCP Query User{DDFE9F6B-DE04-431E-8181-2EBB788B25F4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F5FC45E7-DF21-4494-AF53-07656F11BD68}C:\program files\everything\everything-1.2.1.371.exe" = protocol=6 | dir=in | app=c:\program files\everything\everything-1.2.1.371.exe |
"UDP Query User{1FA71FAC-3F18-4B24-B8D9-F1E6265166C0}C:\users\ariel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ariel\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{622BDB3A-A63A-46C8-8BBB-FFB5D3CF46D6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E74BE11C-5C40-401A-957E-4DC21BAFA382}C:\program files\everything\everything-1.2.1.371.exe" = protocol=17 | dir=in | app=c:\program files\everything\everything-1.2.1.371.exe |
"UDP Query User{F6BE583B-F36F-490F-9BB3-A4BAD8A40E53}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0345CF70-FA00-4F4E-A218-0FA494F465A4}" = LightScribe Template Designs - Business Pack 1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2206ECD6-F6FF-42DF-A251-CB330586D467}" = Pantech PCSuite
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{42620353-DE5E-415D-9011-81D661BB5E2C}" = Pantech PCSuite
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{639159C2-B27B-4208-8965-D8A0AEDBDED2}" = Microsoft .NET Framework 2.0 SDK - ENU
"{648AF8B5-9F79-4ABA-8D59-83998F7E3E3F}" = Foxit Reader
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{725F0ABA-808A-4256-885C-1E60245521D0}" = LightScribe Template Designs - Sports Pack 1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
"{B9676D15-E0EC-42c2-8C16-F3D9648C44AF}" = PANTECH Handset USB Driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Applian Director2.0" = Applian Director
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.50
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Belarc Advisor" = Belarc Advisor 8.1
"Bible Seeker: Darby Version Bible_is1" = Bible Seeker: Darby Version Bible
"Bible Seeker: Douay-Rheims Bible_is1" = Bible Seeker: Douay-Rheims Bible
"Bible Seeker: Jamieson-Fausset-Brown Commentary_is1" = Bible Seeker: Jamieson-Fausset-Brown Commentary
"Bible Seeker: Matthew Henry Commentary on the Whole Bible_is1" = Bible Seeker: Matthew Henry Commentary on the Whole Bible
"Bible Seeker: Updated King James Version Bible_is1" = Bible Seeker: Updated King James Version Bible
"Bible Seeker: Webster Bible_is1" = Bible Seeker: Webster Bible
"Bible Seeker: World English Bible(Hebrew Names Version)_is1" = Bible Seeker: World English Bible(Hebrew Names Version)
"Bible Seeker: Young Literal Translation Bible_is1" = Bible Seeker: Young Literal Translation Bible
"Bible Seeker_is1" = Bible Seeker 2.03
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Canon MX340 series User Registration" = Canon MX340 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FastStone Capture" = FastStone Capture 5.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"KeeForm2KP1_is1" = KeeForm 2.02
"Microsoft .NET Framework 2.0 SDK - ENU" = Microsoft .NET Framework 2.0 SDK - ENU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"Replay Video Capture4.2" = Replay Video Capture
"Revo Uninstaller" = Revo Uninstaller 1.89
"Smart Defrag_is1" = Smart Defrag
"Speccy" = Speccy
"Spesoft Image Converter_is1" = Spesoft Image Converter 2.60
"SyncBack_is1" = SyncBack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinPatrol" = WinPatrol
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3811219389-4089082538-2103765479-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2010 10:23:29 PM | Computer Name = Jay-PC | Source = VSS | ID = 8194
Description =

Error - 9/22/2010 10:24:12 PM | Computer Name = Jay-PC | Source = VSS | ID = 8194
Description =

Error - 9/22/2010 10:26:14 PM | Computer Name = Jay-PC | Source = VSS | ID = 8194
Description =

Error - 9/22/2010 10:51:24 PM | Computer Name = Jay-PC | Source = VSS | ID = 8194
Description =

Error - 9/23/2010 9:34:46 PM | Computer Name = Jay-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/23/2010 9:34:46 PM | Computer Name = Jay-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/24/2010 1:05:29 AM | Computer Name = Jay-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/24/2010 1:05:29 AM | Computer Name = Jay-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/24/2010 1:05:29 AM | Computer Name = Jay-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/24/2010 1:05:29 AM | Computer Name = Jay-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 4/13/2009 3:36:37 PM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/29/2009 3:36:54 PM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/4/2009 10:40:25 PM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/15/2010 3:32:27 PM | Computer Name = Jay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/26/2010 9:42:23 AM | Computer Name = Jay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 7:33:08 PM | Computer Name = Jay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11620
seconds with 120 seconds of active time. This session ended with a crash.

Error - 9/3/2010 11:05:45 PM | Computer Name = Jay-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 99639
seconds with 5040 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/5/2011 12:25:28 AM | Computer Name = Jay-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/5/2011 12:25:42 AM | Computer Name = Jay-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/5/2011 12:26:17 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/5/2011 12:26:59 AM | Computer Name = Jay-PC | Source = DCOM | ID = 10016
Description =

Error - 3/5/2011 12:27:06 AM | Computer Name = Jay-PC | Source = DCOM | ID = 10016
Description =

Error - 3/5/2011 12:43:28 AM | Computer Name = Jay-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/5/2011 12:43:43 AM | Computer Name = Jay-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/5/2011 12:44:15 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/5/2011 12:45:13 AM | Computer Name = Jay-PC | Source = DCOM | ID = 10016
Description =

Error - 3/5/2011 12:45:16 AM | Computer Name = Jay-PC | Source = DCOM | ID = 10016
Description =


< End of report >

Nooo - I'm not running multiple real time antisoftware; I've evolved past that error.


My momma said I'm not too bright --but I can lift heavy things.


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,092 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:43 PM

Posted 06 March 2011 - 06:05 AM

Hi, that's looking pretty good! :)

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 24 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
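The check behind the Java advice in the reply above, as an added example that is not part of the original thread or of any tool it mentions: it parses OTL uninstall-list lines in the `"key" = DisplayName` format shown in the log and flags Java runtimes older than 6 Update 24. The Java entries and their placeholder keys in the sample are constructed, and the display-name pattern is an assumption about how JRE entries are labelled.

```python
import re

# Threshold from the reply above, which names "JDK 6 Update 24" as the current release.
CURRENT = (6, 24)

# One OTL uninstall-list line: "registry key name" = DisplayName
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# Assumed JRE display names, e.g. "Java(TM) 6 Update 20",
# "Java(TM) SE Runtime Environment 6", "J2SE Runtime Environment 5.0 Update 6".
JAVA_RE = re.compile(
    r'^(?:Java\(TM\)|J2SE)(?:\s+SE)?(?:\s+Runtime Environment)?'
    r'\s+(?P<family>\d+)(?:\.\d+)?(?:\s+Update\s+(?P<update>\d+))?',
    re.IGNORECASE,
)

# Constructed sample: the three Java lines and their keys are made up;
# the last two entries are copied from the log in this thread.
SAMPLE_LOG = '''\
========== HKEY_USERS Uninstall List ==========
"{PLACEHOLDER-JRE-KEY-1}" = Java(TM) 6 Update 20
"{PLACEHOLDER-JRE-KEY-2}" = J2SE Runtime Environment 5.0 Update 6
"{PLACEHOLDER-JRE-KEY-3}" = Java(TM) 6 Update 24
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"WinPatrol" = WinPatrol
'''


def parse_uninstall_entries(text):
    """Return (key, display_name) pairs; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("key"), match.group("name")))
    return entries


def outdated_java(entries, current=CURRENT):
    """Return (display_name, (family, update)) for Java runtimes older than `current`."""
    stale = []
    for _key, name in entries:
        match = JAVA_RE.match(name)
        if not match:
            continue
        # A missing "Update N" suffix is treated as update 0 of that family.
        version = (int(match.group("family")), int(match.group("update") or 0))
        if version < current:
            stale.append((name, version))
    return sorted(stale, key=lambda item: item[1])


if __name__ == "__main__":
    for name, version in outdated_java(parse_uninstall_entries(SAMPLE_LOG)):
        print(f"remove before updating: {name} (family {version[0]}, update {version[1]})")
```
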


#7 Elise


Posted 16 March 2011 - 12:50 PM

Hi, are you still there?

regards, Elise


#8 Elise


Posted 27 March 2011 - 04:58 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

regards, Elise




