OTL Extras logfile created on: 3/6/2010 1:41:20 PM - Run 1

OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Judy Holsclaw\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 57.00% Memory free

10.00 Gb Paging File | 7.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 687.22 Gb Total Space | 506.84 Gb Free Space | 73.75% Space Free | Partition Type: NTFS

Drive D: | 11.41 Gb Total Space | 1.52 Gb Free Space | 13.33% Space Free | Partition Type: NTFS

Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: JUDYHOLSCLAW-PC

Current User Name: Judy Holsclaw

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 8D C8 73 F1 EA 4C CA 01 [binary data]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06934412-3AEF-4F97-AB53-63C4651D6FF9}" = lport=10243 | protocol=6 | dir=in | app=system |

"{0A772C1A-3FF3-4370-9F63-6B00DD8FF51F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2BB612B2-70A0-4ADF-9D1A-18FE43871F25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{44C0F741-39DF-43DC-A205-DADAF8002920}" = lport=2869 | protocol=6 | dir=in | app=system |

"{55AB1C88-15B8-4DD0-A867-8B899FB963FB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5EA7BA45-4EB7-4D85-B9B8-D5380A4AD4BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6DB0112B-DEA7-47D3-8C77-EEBA75B174F3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7460292D-4BA2-4BD7-A1B9-A86D4F1B9C5C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{78EDA175-38C7-4694-BC54-86459D8F5A0E}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C1E34C96-316D-46D8-AA79-827FA6C4D639}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E9B96097-0F2D-47E9-8BC6-A118665DD91E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{053898F2-E363-4074-BA8B-FC769583F6E9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{05B14F5D-746D-4093-B3D4-CA06BCDE0475}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{0D17F36B-79BD-40C7-8AAC-04873279B557}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{0F07E5C0-3BDB-4456-BDC8-2FB3434FE4CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1A8A7148-C885-45DF-848E-EDAEF997208E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1C571399-158C-4E7E-BB43-9D260D5AD562}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{1C898D93-5DA0-40C5-B996-0C6EDFA6CC36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{22C5161E-BFD8-4408-B328-E59F6501C72B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |

"{341FA6AB-D990-40DA-B7F9-8FDA9BAE51F2}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{3A695766-6CDC-42BC-B0BC-005765192789}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{3E49E2DF-4446-4F09-BDF6-E35C405EDBC6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{3E855EF9-5F1C-406D-B9DB-614CD4F8C873}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{40442F0F-13FE-42BE-9FD2-74763074567F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4CC57CE9-D94B-4609-AB13-F26AF089793F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{546A5462-572E-44CB-9EF3-A2F2845CF891}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{5734EE99-21B2-4F84-8A88-4D8EADCD3BDE}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |

"{59E42BA2-E00E-4D42-B4D5-A9D3B38B908C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{5CF14097-52F8-4FA7-BF9A-FCC5D6976791}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"{5E62C4E1-D8D7-46A5-8E80-187DF10A0D96}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"{5F264FF4-D60D-428A-9340-95C658BBD97E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |

"{62965951-39C8-4DDB-A08B-FEEFD5971E0F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{62D0613E-A010-4EDE-8A85-06C29DA9C261}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |

"{6306984E-9A1D-4D08-BA49-2D514832FB89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6381712F-202D-46BB-9679-CF3EE9AE052D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{6848B486-5197-487E-A8C0-A29488134B17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{6CB9B2E8-C0F6-4F20-A402-3DB18B725DCA}" = dir=in | app=c:\program files (x86)\myspace\im\myspaceim.exe |

"{70B3B8EA-8343-41E9-8DD1-80749EBBA1C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |

"{78B2EA1E-F2D6-4CFC-B9A4-5D4A8B0991FC}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"{7F2F1BED-FE06-4AFB-9B90-4686F0A93100}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{80DA051F-B96D-42AE-88B0-4763A30934F2}" = protocol=6 | dir=out | app=system |

"{903A8190-5836-4BEE-A29D-8C81D77F918F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{9750E1B3-C6C4-490B-A5CE-BAFC147FF06E}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |

"{9D698DA2-45CE-4202-B5A5-CF311B642D6E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{9FB8F8E7-5AE3-4050-BA68-D5A1688E8DB6}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"{A0697D8F-0798-4D78-ACDF-1C2C61E5AA4C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{A1D15574-90BA-4720-80D3-311B09802383}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A233EF87-A603-4CE5-8377-EDC63AD83125}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |

"{A6064472-FF35-4637-8CAD-05AAA907F0DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A71E6ADE-0BE0-4892-ABCC-60E298312E34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A9F066FE-15FC-466E-A991-494EE03E659E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |

"{AA114378-9C75-4034-99E2-AEB966F3B2A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AF5AEC62-678B-420B-B182-9A5CF200CE8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B14AA0CB-5406-44FD-A34F-902F3B93382D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B2D0AD7A-D75F-4BC1-A782-2F7AF3526B12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{B609C569-7F2E-45A0-A23A-45E945068A89}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{B6F78F6E-104C-4790-AB24-A281965988CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |

"{CEE491DA-264E-4380-A535-20DF3936518F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{D119F750-9BC3-4BDF-90BB-42A51CF47562}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{D425B5D6-8B9E-4440-BE22-2436F3447337}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D4E4FA41-A6DF-4D66-B8CE-102569DE3B78}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{D83C6DAC-7E56-48E1-809C-B4C1DF09C27B}" = dir=in | app=c:\program files (x86)\myspace\im\myspaceim.exe |

"{DA1288A7-B446-470C-BBD8-4633CEA738E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{DC02BBBA-E3B2-477C-8977-D2651D973993}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E48911D1-5885-46CD-A517-905B638A8FEF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{E9598772-566F-4844-93D5-78751613FDE0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{EB3168B0-8207-4394-A639-9610A9C5E471}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |

"{F0A1FB17-0596-4248-9DB9-D04CCAECF6F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{F11A332D-3D85-44C3-B3BC-5F9C6AEC098B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F3B6EE02-8839-485F-90D4-DA47114FC625}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |

"{F725AF7C-7132-41C9-BA4B-D16A9D9FCCF7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"TCP Query User{109F7A15-B371-4EF9-A948-413A6818A274}C:\users\judy holsclaw\appdata\local\temp\ccug.exe" = protocol=6 | dir=in | app=c:\users\judy holsclaw\appdata\local\temp\ccug.exe |

"TCP Query User{18D11887-1A27-4974-837F-C49BD3ED8A03}C:\users\judy holsclaw\documents\my received files\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\judy holsclaw\documents\my received files\teamviewer.exe |

"TCP Query User{720BAA10-77B7-4608-8A77-FC953AC08C9F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{82ED219D-C5D1-4158-AE55-3AF8A2FC19C1}C:\users\judy holsclaw\desktop\pictures\videos\school\bs2-20081014\burningsand2.exe" = protocol=6 | dir=in | app=c:\users\judy holsclaw\desktop\pictures\videos\school\bs2-20081014\burningsand2.exe |

"TCP Query User{95A46E36-D58C-46EE-A720-AAD5F72D5982}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |

"UDP Query User{60FAC156-58CB-4123-8E1D-F1F471F4B2D4}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |

"UDP Query User{64BDD8C1-F739-4B1D-9E2B-CFA3106CBD09}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{908500DC-058A-4A60-BAC6-E093516C12EA}C:\users\judy holsclaw\appdata\local\temp\ccug.exe" = protocol=17 | dir=in | app=c:\users\judy holsclaw\appdata\local\temp\ccug.exe |

"UDP Query User{C55B182A-4631-48A1-90D7-301D351D454F}C:\users\judy holsclaw\documents\my received files\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\judy holsclaw\documents\my received files\teamviewer.exe |

"UDP Query User{CF6FB107-B676-4139-A8C9-4F42534B202E}C:\users\judy holsclaw\desktop\pictures\videos\school\bs2-20081014\burningsand2.exe" = protocol=17 | dir=in | app=c:\users\judy holsclaw\desktop\pictures\videos\school\bs2-20081014\burningsand2.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.03.02

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C9A7340B-1EFD-42A6-9A27-243C50E57FA4}_is1" = HP Demo

"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP

"CutePDF Writer Installation" = CutePDF Writer 2.7

"HP Document Manager" = HP Document Manager 1.0

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"HPOCR" = OCR Software by I.R.I.S. 10.0

"lvdrivers_11.80" = Logitech QuickCam Driver Package

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help

"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7396F7C8-EDD8-4473-BF6A-2CE4996716E1}" = JavaFX 1.1 SDK

"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse

"{98BAE2F8-2045-4736-BD9E-FCADD83003C5}" = DigitalPersona Privacy Manager

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}" = The Print Shop 23

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1

"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"AT&&T Yahoo! Messenger" = AT&T Yahoo! Messenger

"AVG9Uninstall" = AVG Free 9.0

"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1

"AVS Media Player_is1" = AVS Media Player 3.1

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"CCleaner" = CCleaner

"Coupon Printer for Windows4.0" = Coupon Printer for Windows

"ESET Online Scanner" = ESET Online Scanner v3

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HotspotShield" = Hotspot Shield 1.17

"Imikimi Plugin" = Imikimi Plugin

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"LimeWire" = LimeWire 5.1.2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Morpheus Photo Morpher_is1" = Morpheus Photo Morpher v3.11

"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"PKR" = PKR

"Pro Media Director_is1" = Pro Media Director Version 2.0.0.1

"QuickTime" = QuickTime

"Search Guard Plus" = Search Guard Plus (My Web Tattoo)

"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)

"sp41119" = sp41119

"Stamp" = Stamp ID3 Tag Editor

"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)

"ToolBox" = NCH Toolbox

"V CAST Music with Rhapsody" = V CAST Music with Rhapsody

"WavePad" = WavePad Sound Editor

"WebPost" = Microsoft Web Publishing Wizard 1.52

"WildTangent hp Master Uninstall" = My HP Games

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite_Wave3" = Windows Live Essentials

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

"Move Media Player" = Move Media Player

"myPhotopipe ROES" = myPhotopipe ROES

Posted

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 10/14/2009 1:27:40 PM | Computer Name = JudyHolsclaw-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 10/14/2009 1:27:40 PM | Computer Name = JudyHolsclaw-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 10/14/2009 1:27:44 PM | Computer Name = JudyHolsclaw-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 10/14/2009 1:27:44 PM | Computer Name = JudyHolsclaw-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 10/14/2009 1:27:58 PM | Computer Name = JudyHolsclaw-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 10/14/2009 1:27:58 PM | Computer Name = JudyHolsclaw-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 10/14/2009 7:42:37 PM | Computer Name = JudyHolsclaw-PC | Source = Application Error | ID = 1000

Description = Faulting application WLXQuickTimeControlHost.exe, version 14.0.8064.206,

time stamp 0x498cf80c, faulting module QuickTime.qts, version 5.0.1.10, time stamp

0x3ad4ae99, exception code 0xc0000005, fault offset 0x002f1312, process id 0x2fd0,

application start time 0x01ca4d2800e4ccfd.

 

Error - 10/14/2009 10:04:35 PM | Computer Name = JudyHolsclaw-PC | Source = Application Error | ID = 1000

Description = Faulting application YahooMessenger.exe, version 9.0.0.2162, time

stamp 0x4a1cb91c, faulting module MSVCR80.dll, version 8.0.50727.4016, time stamp

0x49cc5361, exception code 0x40000015, fault offset 0x000046b4, process id 0x149c,

application start time 0x01ca4ceb11246c7d.

 

Error - 10/15/2009 7:24:48 AM | Computer Name = JudyHolsclaw-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 10/15/2009 7:28:14 AM | Computer Name = JudyHolsclaw-PC | Source = HP AdvisorUpdate | ID = 0

Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String

path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare

share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String

msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri

uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,

String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,

XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String

targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String

path) ValidateDocument failed Business\SearchTargets.xml

 

[ Media Center Events ]

Error - 5/6/2009 10:32:02 AM | Computer Name = JudyHolsclaw-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

 

Error - 8/13/2009 7:31:07 PM | Computer Name = JudyHolsclaw-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

 

[ System Events ]

Error - 3/5/2010 2:21:59 PM | Computer Name = JudyHolsclaw-PC | Source = Application Popup | ID = 1060

Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been

blocked from loading due to incompatibility with this system. Please contact your

software vendor for a compatible version of the driver.

 

Error - 3/5/2010 2:22:11 PM | Computer Name = JudyHolsclaw-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

Error - 3/5/2010 2:22:35 PM | Computer Name = JudyHolsclaw-PC | Source = Service Control Manager | ID = 7009

Description =

 

Error - 3/5/2010 2:22:35 PM | Computer Name = JudyHolsclaw-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 3/5/2010 2:22:35 PM | Computer Name = JudyHolsclaw-PC | Source = Service Control Manager | ID = 7003

Description =

 

Error - 3/5/2010 2:22:35 PM | Computer Name = JudyHolsclaw-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 3/5/2010 2:24:00 PM | Computer Name = JudyHolsclaw-PC | Source = Service Control Manager | ID = 7022

Description =

 

Error - 3/5/2010 2:24:00 PM | Computer Name = JudyHolsclaw-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 3/5/2010 4:21:01 PM | Computer Name = JudyHolsclaw-PC | Source = WMPNetworkSvc | ID = 866333

Description =

 

Error - 3/5/2010 8:50:41 PM | Computer Name = JudyHolsclaw-PC | Source = WMPNetworkSvc | ID = 866333

Description =

 

 

< End of report >

Posted

Hi Judy,

Thanks for the explanation.

I didn't want to remove anything that was actually legit... now I know that 'Trojans' is the name of the team.

Back soon.

Member of:

UNITE

Posted

Hi Judy,

 

P2P Warning

Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true.

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

 

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

 

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.

If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

 

Step 1

Double click on OTL.exe to run it.

Copy the lines in the codebox below (make sure that :Otl is on the first line).

:Otl
PRC - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\kwtbaim.exe (AG Interactive)
FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@ kiwee.com: C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox [2010/02/23 01:20:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr @mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (AG Interactive)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (AG Interactive)
O3 - HKCU\..\Toolbar\WebBrowser: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (AG Interactive)
O4 - HKLM..\Run: [KiweeHook] C:\Program Files (x86)\Kiwee Toolbar\2.8.167\kwtbaim.exe (AG Interactive)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{167c2893-2e39-11dd-ac34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{167c2893-2e39-11dd-ac34-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autodisable.exe -- [2005/07/07 18:12:51 | 000,040,960 | R--- | M] ()
O33 - MountPoints2\{1e3ee03e-a2b4-11dd-8a73-001fc68a00cc}\Shell - "" = AutoRun
O33 - MountPoints2\{1e3ee03e-a2b4-11dd-8a73-001fc68a00cc}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{49bd90a3-c249-11dd-9699-001fc68a00cc}\Shell - "" = AutoRun
O33 - MountPoints2\{49bd90a3-c249-11dd-9699-001fc68a00cc}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
[2010/02/14 22:18:32 | 000,000,000 | ---D | C] -- C:\Users\Judy Holsclaw\AppData\Local\Kiwee Toolbar
[2010/02/22 20:58:15 | 000,009,870 | -HS- | M] () -- C:\Users\Judy Holsclaw\AppData\Local\e1wnOl
[2008/11/14 23:28:13 | 000,034,304 | ---- | C] () -- C:\Users\Judy Holsclaw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9D718DA3

:commands
[emptytemp]
[purity]
[EMPTYFLASH]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
     
  • Click the red Run Fix button.
     
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

Thanks


Posted

All processes killed

========== OTL ==========

No active process named Program Files was found!

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@ kiwee.com not found.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox\defaults\preferences folder moved successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox\defaults folder moved successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox\components folder moved successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox folder moved successfully.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr @mywebsearch.com not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ deleted successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.

C:\Program Files\SGPSA\BHO.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.

File C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.

File C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KiweeHook deleted successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\kwtbaim.exe moved successfully.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\Windows\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{167c2893-2e39-11dd-ac34-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167c2893-2e39-11dd-ac34-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{167c2893-2e39-11dd-ac34-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167c2893-2e39-11dd-ac34-806e6f6e6963}\ not found.

File move failed. E:\Autodisable.exe scheduled to be moved on reboot.

Posted

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e3ee03e-a2b4-11dd-8a73-001fc68a00cc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e3ee03e-a2b4-11dd-8a73-001fc68a00cc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e3ee03e-a2b4-11dd-8a73-001fc68a00cc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e3ee03e-a2b4-11dd-8a73-001fc68a00cc}\ not found.

File M:\LaunchU3.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49bd90a3-c249-11dd-9699-001fc68a00cc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49bd90a3-c249-11dd-9699-001fc68a00cc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49bd90a3-c249-11dd-9699-001fc68a00cc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49bd90a3-c249-11dd-9699-001fc68a00cc}\ not found.

File K:\LaunchU3.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.

File M:\LaunchU3.exe not found.

C:\Users\Judy Holsclaw\AppData\Local\e1wnOl moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

ADS C:\ProgramData\TEMP:9D718DA3 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33237 bytes

->Flash cache emptied: 84 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Judy Holsclaw

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 10215893 bytes

->Java cache emptied: 48480985 bytes

->FireFox cache emptied: 56798059 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 2726 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 240272 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 110.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Judy Holsclaw

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.1.34.0 log created on 03072010_152736

Files\Folders moved on Reboot...

File move failed. E:\Autodisable.exe scheduled to be moved on reboot.

File\Folder C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(366)\Content.IE5\YGRJX5Z1\;type=direc569;cat=confi718;qty=1;cost=19.95;u6=1;u5=99[1].90;u4=H&R%20Block%20At%20Home%2009%20Basic%20Win;u3=156614800;u2=8477160314;u1=;ord=8477160314 not found!

File\Folder C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(366)\Content.IE5\CYWH9NC8\;cost=119.95;u6=1;u5=99[1].90;u4=Kaspersky%20Internet%20Security%202010%20(1-3%20PCs,%202%20Year%20Renewal);u3=173883400;u2=8477160314;u1=;ord=8477160314 not found!

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SC4AT0M9\ads[3].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SC4AT0M9\ads[5].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SC4AT0M9\private[2].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SC4AT0M9\zpu[1].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRRATMHG\aclk[1].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRRATMHG\ads[2].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRRATMHG\city[1].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRRATMHG\city[2].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRRATMHG\index[1].html moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3IIQ11C\ads[5].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3IIQ11C\ads[7].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3IIQ11C\zpu[1].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM4YI6AC\9319-pyagcore-search-2[1].html moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM4YI6AC\ff2[1].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM4YI6AC\ff2[2].htm moved successfully.

C:\Users\Judy Holsclaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Posted
Is it OK to keep the SuperAntiSpyware and the Spybot, Malwarebytes on my computer to run some to keep things off of my computer?
Posted

Hi Judy,

 

"Is it OK to keep the SuperAntiSpyware and the Spybot, Malwarebytes on my computer to run some to keep things off of my computer?"

I'd keep SuperAntiSpyware and Malwarebytes Anti Malware.

SpyBot is not the program it used to be and isn't effective against the newer malware.

Whether you decide to remove it is up to you though.

If you do want to remove it, you'll have to disable the 'TeaTimer' first.

 

Open Spybot and click on 'Mode' then click 'Advanced Mode'.

Click on 'Tools' in bottom left hand corner.

Click on the 'System Startup' icon.

Uncheck 'Teatimer' box and/or uncheck 'Resident'.

Then, check next to the computer clock to see if the icon for Spybot is still there.

If it is, right click it and choose 'exit Spybot-S&D Resident'.

 

Reboot the computer.

 

Then remove Spybot.

-----------------

Let's get a fresh scan with Malwarebytes now:

 

Please update MBAM and run another scan:

Start MBAM

Click on the Update tab >> click Search for Updates

If it says that MBAM needs to close to update it... let it close and then restart.

On restart >> click the Scan button.

 

Don't forget:

  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

Let me have the MBAM scan report in your next reply.

 

Thanks


Posted

Malwarebytes' Anti-Malware 1.44

Database version: 3833

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

3/7/2010 8:56:35 PM

mbam-log-2010-03-07 (20-56-35).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 353142

Time elapsed: 1 hour(s), 9 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Posted

Well, I did everything right just like you said. I downloaded the MSN Messenger and it still will not open. I got a message; it reads:

A Kiwee heads up. There was an error with Yahoo Messenger and your Kiwee toolbar needs to go bye bye for now.

Would you like to send this error message in order to help improve the toolbar?

I clicked on Don't Send and nothing happened, so when I clicked on Send I got an error <NULL>

Do I need to uninstall MSN again?

I click on the messenger but nothing will open up.

The Yahoo Messenger is working fine. I guess it's not meant for me to have MSN any more.

See you tomorrow.

Judy

Posted

Starbuck, do you think it would help if Judy installed the latest version of the Kiwee toolbar in order to uninstall it properly? As I said, when I tested it, it uninstalled fairly clean and my messenger works.

 

I ask because I see a lot of kiwee entries in the logs. I also see myweb, party poker and limewire exe.

 

Just asking.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.


Posted

Randy, it says my Yahoo Messenger Kiwee toolbar; I do not understand why this is affecting my MSN Messenger? The Yahoo Messenger is working OK. The sound keeps going in and out when talking sometimes.

I only installed the MSN Live Messenger and it will not open. An error pops up when I booted up the computer today and when I tried to open MSN Messenger: <NULL>. That is what is popping up. That is all it is showing.

I guess I have a mess here, lol. Sorry I am taking up all your time and Starbuck's time on this. But I do appreciate it very much.

Posted
"I ask because I see a lot of kiwee entries in the logs. I also see myweb, party poker and limewire exe."

Yes, there were a lot of entries.

The Kiwee and Web search entries were removed in post #36 and confirmed in post #37.

I deliberately didn't remove party poker because Judy had stated that she used these.

Although not stated here... Judy did PM me and say that Limewire had been removed.

 

I'd like to find out what link you are using to download MSN Messenger. Is it this one:

Messenger - Windows Live

If it's not... try the link I've provided.

 

Let's get another OTL scan done using the instructions below.

 

Double click on OTL.exe to run it.

  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

 

Thanks


Posted

OTL Extras logfile created on: 3/8/2010 6:06:33 PM - Run 2

OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Judy Holsclaw\Desktop\OTL

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 46.00% Memory free

10.00 Gb Paging File | 7.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 687.22 Gb Total Space | 507.95 Gb Free Space | 73.91% Space Free | Partition Type: NTFS

Drive D: | 11.41 Gb Total Space | 1.52 Gb Free Space | 13.33% Space Free | Partition Type: NTFS

Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Posted

OTL logfile created on: 3/8/2010 7:12:04 PM - Run 3

OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Judy Holsclaw\Desktop\OTL

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 42.00% Memory free

10.00 Gb Paging File | 7.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 687.22 Gb Total Space | 507.92 Gb Free Space | 73.91% Space Free | Partition Type: NTFS

Drive D: | 11.41 Gb Total Space | 1.52 Gb Free Space | 13.33% Space Free | Partition Type: NTFS

Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: JUDYHOLSCLAW-PC

Current User Name: Judy Holsclaw

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Judy Holsclaw\Desktop\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Judy Holsclaw\Desktop\OTL\OTL.exe (OldTimer Tools)

MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)

MOD - C:\Windows\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV:64bit: - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe (Logitech Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)

SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (AGWinService) -- C:\Program Files (x86)\AGI\common\win32\PythonService.exe ()

SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()

SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()

SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 000,000,000 | ---D | M]

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()

Posted

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) Logitech QuickCam S5500(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()

DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys (Conexant Systems, Inc.)

DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)

DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)

DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)

DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)

DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)

DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)

DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Bing [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Bing [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Bing Start

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files (x86)\AGI\common\agcutils.dll (TODO: <Company name>)

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
