  #1  
March 28th, 2012, 03:52 AM
mac1981
Senior Member
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 228
BSOD error with iastor.sys

A week and a half ago, internet explorer was used, and a problem with host processes occurred. I restarted my pc, then after about 3 seconds on the home screen, a blue screen pops up stating it is restarting my computer to avoid harm. The error report in safe mode with networking was the following:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82A3F14A
BCP3: 9C9976A8
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

I was told that the problem was with the Intel Matrix Storage Driver and it needed to be updated. I went to the manufacturer's site to get driver updates and I unzipped the files, but I don't know if the driver was downloaded or not. Well I restarted in regular mode, signed in, all was going well, then the same blue screen came back up. What is going on? What am I doing wrong?
  #2  
March 28th, 2012, 09:27 PM
AnnMarie
CTH Subscriber
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Did you use the Intel® Driver Update Utility - see here. If not, it would be wise to do so.

Also, have you run an antivirus check? If not, please do that too and let us know the result.
  #3  
March 29th, 2012, 03:46 AM
mac1981
I tried to use it before, but it took a while. I will try again.

And yes I have done the antivirus check a few times.
  #4  
March 29th, 2012, 04:05 AM
mac1981
Tried to use Intel Driver Utility but it said I can't run install in safe mode.
  #5  
March 29th, 2012, 05:33 AM
AnnMarie
Are you not able to boot normally? Did your antivirus find any malware when you ran a scan?
  #6  
March 29th, 2012, 05:41 AM
mac1981
No, I can't boot normally. When I do, after I have signed in and the regular screen comes up, a few seconds later the blue screen comes up. Can do a limited normal startup with system configuration, however.

When I did the antivirus scan, no malware was found.

Last edited by mac1981; March 29th, 2012 at 05:43 AM.
  #7  
March 29th, 2012, 05:47 AM
AnnMarie
It might help if I can see some logs of what is running on your computer. Go here and download DDS to your Desktop and double-click on DDS.scr to run it. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
  #8  
March 29th, 2012, 06:06 AM
mac1981
It says this program cannot be run in DOS mode.
  #9  
March 29th, 2012, 06:17 AM
AnnMarie
This is sounding suspiciously like an infection.

Go here and download OTL.exe to your Desktop and double-click on it to open it. Scroll down to Extra Registry and click on "Use Safelist". Next, click on "Run Scan". When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

If it turns out that your operating system is infected, I'll transfer your topic to our Malware Removal Forum for more help. We don't do malware removal in this forum.
  #10  
March 29th, 2012, 08:52 PM
mac1981
First Report

OTL logfile created on: 3/29/2012 2:39:18 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\winter baby\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.33% Memory free
6.18 Gb Paging File | 5.12 Gb Available in Paging File | 82.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 199.32 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.63 Gb Free Space | 37.22% Space Free | Partition Type: NTFS

Computer Name: HOMELAPTOP | User Name: winter baby | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/29 14:38:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\winter baby\Downloads\OTL.exe
PRC - [2012/03/27 17:10:29 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/06 12:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/28 22:03:35 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/27 17:10:28 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 18:15:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/29 14:26:23 | 000,017,408 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\rpcnetp.exe -- (rpcnetp)
SRV - [2012/03/28 22:03:35 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/15 23:51:33 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Stopped] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/01/06 12:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/09/09 09:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/21 16:06:26 | 000,554,224 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/07/21 16:06:26 | 000,189,680 | ---- | M] (SingleClick Systems) [Auto | Stopped] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2009/06/10 23:23:46 | 005,730,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/31 12:02:04 | 001,519,168 | ---- | M] (UltraVNC) [Auto | Stopped] -- C:\ProgramData\UltraVNC\winvnc.exe -- (uvnc_service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/11/03 17:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6DCC4004-A756-479F-8CF0-86653B93442A}\MpKsl35a74887.sys -- (MpKsl35a74887)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/22 14:02:05 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\DellBIOS.Sys -- (DellBIOS)
DRV - [2011/11/12 12:18:10 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2011/10/15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 14:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 14:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 21:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/06/10 16:21:26 | 000,027,472 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/12/09 10:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2008/09/23 09:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 09:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/07/03 08:41:54 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 07:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/04 00:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 00:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/27 19:27:16 | 000,351,232 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YDUS&fl=0&ptb=uxKD1elEa.NhuVmlTQ6eAQ&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&si=5222&n=77cf8b53
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {620D322B-DA17-4909-87F6-72F1A4345B24}
IE - HKCU\..\SearchScopes\{620D322B-DA17-4909-87F6-72F1A4345B24}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AED66147-715A-4004-AF2D-C1EB4538CB46}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20090416,0,0,0,0
IE - HKCU\..\SearchScopes\{FE4C2C37-EDC8-4C00-B864-3C38CF3BA834}: "URL" = http://search.wish-search.com/?sid=20101014100&s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.att.net/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "64.136.44.66,64.136.52.66,64.136.52.70,searchap.untd.com,127.0.0.1,localhost,*microsoft.com,*windowsupdate.com,*wustat.windows.com,*.pogo.com,*test-speed.com,liveupdate.symantecliveupdate.com,*symantec.com,*.nai.com,*.networkassociates.com,*.dir.untd.com,cf.netzero.net,qs.netzero.net,*.aolcdn.com,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\winter baby\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\winter baby\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/13 17:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/24 21:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/03/21 23:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/27 17:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 20:50:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/13 17:46:16 | 000,000,000 | ---D | M]

[2011/10/03 22:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\winter baby\AppData\Roaming\Mozilla\Extensions
[2012/03/26 16:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\winter baby\AppData\Roaming\Mozilla\Firefox\Profiles\bvfdr2vc.default\extensions
[2012/03/25 23:05:12 | 000,000,000 | ---D | M] (ShopToWin19) -- C:\Users\winter baby\AppData\Roaming\Mozilla\Firefox\Profiles\bvfdr2vc.default\extensions\{1c772e68-28fd-41cd-91d4-ac0895836c70}
[2011/11/10 23:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/21 23:20:36 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/02/24 21:34:49 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/03/27 17:10:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2009/03/30 18:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2012/02/01 11:07:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/05 21:08:04 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/01 11:07:54 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\winter baby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
CHR - plugin: getPlusPlus for Adobe 162103 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\winter baby\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\winter baby\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\winter baby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\winter baby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: SiteAdvisor = C:\Users\winter baby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Gmail = C:\Users\winter baby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2008/12/19 23:00:13 | 000,000,781 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111220144715.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [(default)] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell PC TuneUp Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11g_Plugin.exe -update plugin File not found
O4 - Startup: C:\Users\winter baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/S...in/AvSniff.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games...ploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://jport.uscourts.gov/dana-cach...etupClient.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A825FF9-F9A0-4939-8BE3-236C814F597B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFDC805A-A14B-4178-B541-C25851991440}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\winter baby\Downloads\1011112046b.jpg
O24 - Desktop BackupWallPaper: C:\Users\winter baby\Downloads\1011112046b.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a0c374fd-91db-11e0-be72-0023ae0d6854}\Shell - "" = AutoRun
O33 - MountPoints2\{a0c374fd-91db-11e0-be72-0023ae0d6854}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe
O33 - MountPoints2\{c9df76e8-3227-11e1-9c73-0023ae0d6854}\Shell - "" = AutoRun
O33 - MountPoints2\{c9df76e8-3227-11e1-9c73-0023ae0d6854}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 14:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/03/28 22:03:35 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/03/25 23:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/03/25 23:01:15 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Local\Babylon
[2012/03/25 23:01:14 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Roaming\Babylon
[2012/03/25 23:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/25 23:01:05 | 000,000,000 | ---D | C] -- C:\Users\winter baby\Documents\ShopToWin
[2012/03/25 22:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/03/23 22:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\ReImageCompanion
[2012/03/22 13:44:17 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/22 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\winter baby\Documents\Windows7_Vista_jcgriff2
[2012/03/22 10:39:46 | 000,638,784 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\winter baby\Documents\autoruns.exe
[2012/03/21 22:03:20 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Roaming\Template
[2012/03/18 21:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/03/18 21:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/03/18 15:16:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/16 21:55:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/13 15:15:28 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/13 15:15:26 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/13 15:15:26 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/13 15:15:26 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/13 15:15:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/13 15:15:26 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/13 15:14:56 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/12 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/03/12 21:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/03/12 21:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/03/08 18:55:37 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Local\Eastman_Kodak_Company
[2012/03/08 18:54:01 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Local\Eastman Kodak Company
[2012/03/08 18:52:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2012/03/08 18:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/03/08 18:45:35 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Roaming\Temp
[2012/03/08 18:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2010/10/05 00:05:33 | 000,456,184 | ---- | C] (MyWebSearch.com) -- C:\Program Files\Uninstall Fun Web Products.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/29 14:33:54 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/03/29 14:32:26 | 000,608,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/29 14:32:26 | 000,105,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/29 14:26:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/29 14:26:23 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012/03/29 00:06:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/29 00:06:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/03/29 00:04:13 | 000,607,260 | ---- | M] () -- C:\Users\winter baby\Desktop\dds(1).scr
[2012/03/28 22:03:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/28 22:03:35 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/03/28 22:03:35 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/27 20:34:16 | 000,006,648 | ---- | M] () -- C:\Users\winter baby\AppData\Local\d3d9caps.dat
[2012/03/25 23:01:23 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/03/25 22:49:22 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\WebReg HP Deskjet F4400 series.job
[2012/03/25 20:11:38 | 250,792,252 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/25 20:09:26 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2012/03/25 20:09:24 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2012/03/25 20:08:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 20:08:50 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/23 22:30:17 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/03/22 14:02:05 | 000,007,168 | ---- | M] () -- C:\Windows\DellBIOS.Sys
[2012/03/22 13:52:03 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/22 11:09:16 | 001,939,625 | ---- | M] () -- C:\Users\winter baby\Documents\Windows7_Vista_jcgriff2.zip
[2012/03/22 10:36:11 | 000,055,296 | ---- | M] () -- C:\Users\winter baby\Documents\BSOD_Windows7_Vista_v2.64_jcgriff2_.exe
[2012/03/22 10:35:37 | 000,638,784 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\winter baby\Documents\autoruns.exe
[2012/03/21 22:03:21 | 000,000,134 | ---- | M] () -- C:\Users\winter baby\AppData\Roaming\wklnhst.dat
[2012/03/15 23:51:33 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2012/03/15 20:30:01 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2349259064-3804554855-2337022464-1000UA.job
[2012/03/15 20:30:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2349259064-3804554855-2337022464-1000Core.job
[2012/03/13 23:08:08 | 000,383,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/12 21:18:25 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/02/29 00:30:25 | 000,001,913 | ---- | M] () -- C:\Users\winter baby\Desktop\System Mechanic.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/29 00:06:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/03/29 00:06:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/03/29 00:04:13 | 000,607,260 | ---- | C] () -- C:\Users\winter baby\Desktop\dds(1).scr
[2012/03/28 22:03:36 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/25 23:01:23 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/03/25 22:49:22 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\WebReg HP Deskjet F4400 series.job
[2012/03/23 22:30:02 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/03/22 14:02:05 | 000,007,168 | ---- | C] () -- C:\Windows\DellBIOS.Sys
[2012/03/22 11:08:11 | 001,939,625 | ---- | C] () -- C:\Users\winter baby\Documents\Windows7_Vista_jcgriff2.zip
[2012/03/22 10:39:52 | 000,055,296 | ---- | C] () -- C:\Users\winter baby\Documents\BSOD_Windows7_Vista_v2.64_jcgriff2_.exe
[2012/03/21 23:22:53 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/03/21 23:22:53 | 000,001,815 | ---- | C] () -- C:\Users\winter baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/03/21 23:22:53 | 000,001,748 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/03/21 22:03:19 | 000,000,134 | ---- | C] () -- C:\Users\winter baby\AppData\Roaming\wklnhst.dat
[2012/03/19 18:04:42 | 250,792,252 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/12 21:18:25 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/01/02 15:09:35 | 000,000,581 | ---- | C] () -- C:\Users\winter baby\AppData\Local\cookies.ini
[2011/10/17 00:27:51 | 000,000,269 | ---- | C] () -- C:\Windows\SysMech.INI
[2011/07/25 23:13:53 | 000,000,413 | ---- | C] () -- C:\Users\winter baby\AppData\Local\RAExpertHistory.xml
[2011/07/25 23:04:03 | 000,000,179 | ---- | C] () -- C:\Users\winter baby\AppData\Local\rahistory.xml
[2011/07/16 23:05:10 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011/07/16 23:04:30 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/10/29 18:20:43 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2010/10/29 18:16:31 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2010/10/29 18:16:31 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2010/10/29 18:16:31 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2010/10/29 18:16:30 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2010/10/29 18:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2010/10/29 18:16:30 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2010/10/29 18:16:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2010/10/29 18:16:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2010/10/29 18:16:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2010/10/29 18:16:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2010/10/29 18:16:28 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2010/10/29 18:16:27 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2010/10/29 18:16:27 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2010/10/29 18:16:27 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2010/10/29 18:16:27 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2010/10/29 18:16:26 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2010/10/29 18:16:25 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2010/10/29 18:16:24 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2010/10/29 18:16:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2010/10/29 18:16:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2010/10/29 18:16:23 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2010/10/29 18:16:23 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2010/10/29 18:16:22 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2010/04/13 17:32:53 | 000,168,059 | ---- | C] () -- C:\Windows\hpoins37.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
  #11  
Old March 29th, 2012, 08:55 PM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 228
Second Report

OTL Extras logfile created on: 3/29/2012 2:39:18 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\winter baby\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.33% Memory free
6.18 Gb Paging File | 5.12 Gb Available in Paging File | 82.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 199.32 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.63 Gb Free Space | 37.22% Space Free | Partition Type: NTFS

Computer Name: HOMELAPTOP | User Name: winter baby | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0494E644-4C06-4B8D-9EAF-C575679D65BA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{1EC520F8-BD15-4D74-A8EC-08713A35937C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{26804AB1-F18E-4F7C-8474-250CB131196C}" = lport=5900 | protocol=6 | dir=in | name=ultravnc server |
"{2D16343F-8AE4-4921-8775-F25A09731634}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{2ED8F1FE-02C3-43AE-82DB-D5B622F4298E}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{3C92C0B0-84C9-4CA4-97A3-30A9871BC90D}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{4064B0D9-AB81-4FF5-AAA0-08F85DD95105}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{55E6CB20-69B9-4C8E-8C63-B7807A35371D}" = lport=445 | protocol=6 | dir=in | app=system |
"{57048218-F858-4C7A-A9B1-D554C9A12AE2}" = rport=137 | protocol=17 | dir=out | app=system |
"{58107A4F-7EE0-4EAD-BF48-7BE6BC526963}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{58CA0861-9D4B-4194-9794-4F1C8C8E8501}" = rport=445 | protocol=6 | dir=out | app=system |
"{5A621E11-D3F3-435B-88EF-3D8E4D4E9F30}" = lport=138 | protocol=17 | dir=in | app=system |
"{63BD264A-C721-418D-9C7A-061FDFAD0A0D}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{707BD661-9D03-45D7-8ADE-0D6418611E9E}" = rport=138 | protocol=17 | dir=out | app=system |
"{75B9FDFF-9335-4FE9-BFB8-52167D2ABD52}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{7788D750-E8A6-4838-8DA4-FF6CCED41B22}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{7F43B077-3DF5-4D35-9C13-839436184750}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{8C6B42FB-048F-4611-9E0B-9B397E852B92}" = rport=139 | protocol=6 | dir=out | app=system |
"{91F74251-748B-4F80-9B7A-943FBEEEA2FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9D1EAC2A-1D60-41C6-A883-6F4A0DCD7ED3}" = lport=139 | protocol=6 | dir=in | app=system |
"{AA7AEFBE-02EA-47E8-B28A-D47623940CCD}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{BD19DCB9-204D-4C52-BD9C-F59E74FB0BCF}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{C45139F2-6125-4C82-B033-EB0894D4CA79}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{D269A234-5622-43ED-960A-28D3793FC450}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{F0BC8B33-3E9F-459A-95CF-E495E3B9FF0A}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{F16C8EDC-A8B1-4DAC-89FF-712AAB678714}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F204D045-EC3C-4326-80AA-B3C631602E97}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{F51A8DCF-FC48-46FB-A377-87F8DB8EB5A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F8871AA8-15D7-41CF-9BD8-8A2CD49E94B5}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{FBC66CF1-C1F7-4077-BFE5-BE0B20D2C97A}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004ACBC6-6645-4C09-A206-CEA8160ACEEE}" = protocol=17 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{0097D00E-23BF-4FE2-B5D9-C495C81A7B33}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{046A917A-78BE-42B8-BF45-9E85E96A751C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{06930DC6-8C49-43A4-821F-9220190627FB}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{0B8C11FB-134B-435D-8BB6-5A20F6B8589C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{0CF3BEAF-AA8C-481A-BDF4-D5A8F3E867FF}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{103E5831-01B6-4375-ABB7-33E5217EC272}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{10DDF085-4D03-4E99-A3B6-8360E4371536}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysql.exe |
"{131AE0C9-B3B6-490D-A518-1B0628A1167A}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{16EECB55-1202-4F45-9622-FA86F0BA1D08}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{17BEA3C2-7360-4F84-8DEF-A4747355059E}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{17ECCE8F-AE14-4F5E-8A0B-56B2234CC01B}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{195A4E07-E8FA-4BC0-A140-696C27CC909A}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{19786F8F-8608-4A1D-8957-39C0D3070C67}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\apache\php.exe |
"{1B6B8E0B-4D99-48A6-BAAE-2D9FFBA38C31}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1BAC9850-5623-4FFB-8967-6A7C3E625592}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{1C3C2817-9225-4B48-9D01-AEA1CC6C95F5}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{1E43431D-171E-41FA-997C-1B0745D7E4C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1FAF7F64-FC5A-455B-ABAD-F3A0B37986EB}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\remote access file sync service\dsl_fs_sync.exe |
"{20F10057-D533-481D-AAF7-739FEC589FFC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{2CB24332-2ACD-4ADB-B62A-DAE78289436D}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{2E33D000-7AF5-41B6-A127-ABEA51A47CB3}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{33BE6A42-D66D-43A0-B8C3-11A3B4744175}" = protocol=17 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{3467CCE1-815D-4312-8339-FF14110DFE5E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{36A25380-E86F-41C5-A2C0-359083C11F64}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{37EBA12B-90B5-4A17-AADF-4ED1CC7A752C}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{3A3EDAD2-C9E1-4950-90F8-9D1DFC48EB0E}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3D786628-12C5-46FE-877F-D094FCC51B9E}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{406C9BB3-488A-48EC-B76D-8711CEBED0AE}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{483E2D67-4B7C-4916-8819-243B0911F02D}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{4C426327-030F-4E3B-B6C1-44DAC46B4A6D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{50339D7F-1D28-45DE-B37B-3AC88CD28679}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{54D4BF2F-7C5B-41C0-BF23-AA56CCA9DD8E}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{57B12272-9CC2-4331-8EB3-3EA53EAD6D96}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{580DD431-C890-47CF-AEC7-A7E284BC6DF8}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysqld.exe |
"{5A0D29E8-04B8-4344-BA8D-DAA4AE5F1AFC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5C089969-B8E7-48EC-8A91-F938FCCD5816}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{5E530073-3F33-4592-8EB0-04D30EEEA619}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{610DF479-7422-4C0A-8A5A-57A6C6E7764D}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{62616966-105E-423B-8D22-94173D6CD8B3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{687B7950-3038-49AC-A249-AD839B1D7147}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{7046AB44-F9F9-4988-8B4B-F338677F513D}" = protocol=6 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{77339D9A-4515-4A6F-8DF5-C58560EC3B5C}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysql.exe |
"{77E0FFD0-8806-4322-B653-385C747BA2D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{799384B1-8E9B-4248-B882-D3C9BD950B62}" = protocol=6 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{7AC3F453-4E03-4973-8377-C49A0559A886}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysqld.exe |
"{804EB9B2-74C0-4DEE-8762-16AD61393832}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{81D0AF43-560E-4D3F-96D4-AC15FF234722}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{836C9800-5E69-4E8C-8100-A8ABF7C48512}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{8A574A19-5E86-4FAC-A2B0-C99545B218CD}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\apache\php.exe |
"{8BD32FC4-53ED-4B9B-BD77-34972A51EB0D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8CD07B8C-FDA6-4CB7-A9DD-C7A54F54C698}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{954AF7A5-637A-40CF-8DA0-18C53C0DEDB4}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{961ECD75-12B2-4CA0-B5A3-295E9A52753E}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{9706CA76-A355-4E13-BD19-4C1DEF3FE4F8}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{9709BB6B-65CD-4E88-84DC-F6D46E8368AC}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{9DCE4F91-9008-4A14-9D45-379C5F19D36C}" = dir=in | app=c:\users\winter baby\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A14F45EB-D2D1-458A-B002-29E11D2B0C1C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{A34B750B-1B7D-4DCC-9526-4C4A161E0232}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{A47C05F5-FB61-4B1C-A336-672A882B2A80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A8E19E41-89E4-4174-A0DF-4B991A975117}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{ABFCF039-497A-4DEC-BAEC-2C6F757DF968}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{B239D789-22BF-4AAD-9965-D272AF173C64}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{B307CCB9-8522-48B1-95DE-47A04F71DCAB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B36EC97C-1C00-44CB-B1A1-01575ADD0B95}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{B6EC7BDF-F55E-4B31-9D59-F351A5558C16}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{B964A05C-B5FC-48FF-BEEB-7E1BCFE3AE99}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{B9925B97-5E21-4039-ADF0-BF28442F7EEF}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{BC7B37F9-1FE0-4B82-9185-F7F2EA0EDC89}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\remote access file sync service\dsl_fs_sync.exe |
"{BE012001-3C17-4E0D-94E8-614C7B627D9C}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{C030AC1C-7EAA-4330-8AFA-40D8DC24AF49}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{C2AC1D82-9A75-4AE4-B7C6-7E6130DFA98E}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{C3AF7656-6EB2-4F19-9FE2-14D86A133119}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{C45767CA-C907-4493-AC72-AC672A24B725}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CC5AD9F5-27E3-4E4C-9804-14BAF0DE1824}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{CF8EA355-B4A3-438E-8B58-92FB180B7BB2}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{D06EBA63-CE5E-4DCD-AFA1-FAEB87599AB9}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{D3978AB4-0876-420E-97DC-62827E7DB815}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{D3C147DF-1ABF-4E55-B269-C47D4EC10AD6}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{D4A7E03F-6AAF-4CED-A365-512069A29CDF}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{D5C2F769-C561-4F6D-B7EF-F86CC2941F58}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{D6B7D0AA-8BB5-4622-A27A-9CF26EE2BC2F}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{D6F277AD-2B93-4741-B3FA-D099C5DDA49A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D8E4433C-F4B9-40FA-B412-471951840E53}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\apache\bin\httpd.exe |
"{DA40E67A-60EF-447B-8A62-74576783B546}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{E03416CA-11E0-483E-9CCE-7EA2C0371BD3}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{E199EAC1-D92A-469A-8164-0F9710777C3C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E5554E81-4845-4C87-A01A-39D056EBAFCB}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\apache\bin\httpd.exe |
"{E971458A-8CD7-47AD-86E4-91EF398EA56B}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{EE92925B-60F4-4D2E-AE18-554637E7FC3C}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{EEDA801A-2790-40DC-9207-6958C0921255}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{F0678110-2A13-45DA-8534-121C2FEC4BB9}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{F9BD84F5-E534-4CF0-B7F1-DAD4861D9F96}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{FBCB16B7-0173-4B49-AEAB-BBD0E7018500}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FDCA829E-4F86-4CF0-A578-DFA23DBAC012}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"TCP Query User{1093D3A6-BD42-4201-B611-047D0ADC645C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2897D6EE-2AFA-4407-A456-D7AC8588D010}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{067F36D7-A47F-15A9-6163-425ACC2F59F3}" = Amazon MP3 Uploader
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3E9E68FB-49FA-410A-8787-424F2A506E0F}" = Business Plan Pro 15th Anniversary Edition
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94055A4F-6F4D-4F6D-85DB-893070B0BE7F}" = Verizon Wireless Software Upgrade Assistant - Samsung
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D19C4BCB-FAAE-48C1-A423-3DA40C3B7F42}" = LeapFrog Leapster Explorer Plugin
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Aleks 3.12" = Aleks 3.12
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ATT-HSI" = ATT-HSI
"ATT-SST" = AT&T Troubleshoot & Resolve Tool
"ATTToolbar" = AT&T Toolbar
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.amazon.music.uploader" = Amazon MP3 Uploader
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Dell Support Center" = Dell Support Center
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Digital Editions" = Adobe Digital Editions
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSC" = McAfee Total Protection
"PROR" = Microsoft Office Professional 2007
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"Shop for HP Supplies" = Shop for HP Supplies
"UPCShell" = LeapFrog Connect
"Veetle TV" = Veetle TV
"VTechDownloadManager" = Learning Lodge Navigator
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 6.3.0" = Juniper Networks Cache Cleaner 6.3.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2012 10:31:37 PM | Computer Name = Homelaptop | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 10:33:08 PM | Computer Name = Homelaptop | Source = EventSystem | ID = 4609
Description =

Error - 3/28/2012 10:46:49 PM | Computer Name = Homelaptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module MSHTML.dll, version 9.0.8112.16441, time stamp 0x4ee81830,
exception code 0xc0000005, fault offset 0x001d9686, process id 0x478, application
start time 0x01cd0d53dd5988aa.

Error - 3/28/2012 10:50:30 PM | Computer Name = Homelaptop | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 11:03:55 PM | Computer Name = Homelaptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0683d6e8, process id 0xd7c, application start time
0x01cd0d569032a9c5.

Error - 3/28/2012 11:07:28 PM | Computer Name = Homelaptop | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2012 11:50:47 PM | Computer Name = Homelaptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x15b1a238, process id 0x980, application start time
0x01cd0d58eed212c5.

Error - 3/28/2012 11:54:03 PM | Computer Name = Homelaptop | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2012 3:28:25 PM | Computer Name = Homelaptop | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2012 3:29:57 PM | Computer Name = Homelaptop | Source = EventSystem | ID = 4609
Description =

[ Broadcom Wireless LAN Events ]
Error - 10/29/2011 11:53:23 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 22:53:23, Sat, Oct 29, 11 Error - User "" does not have administrative
privileges on this system

Error - 11/4/2011 10:15:59 AM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 09:15:59, Fri, Nov 04, 11 Error - User "" does not have administrative
privileges on this system

Error - 11/5/2011 1:36:53 AM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 00:36:53, Sat, Nov 05, 11 Error - User "" does not have administrative
privileges on this system

Error - 11/5/2011 2:27:07 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 13:27:07, Sat, Nov 05, 11 Error - User "" does not have administrative
privileges on this system

Error - 11/7/2011 12:01:49 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 10:01:49, Mon, Nov 07, 11 Error - User "" does not have administrative
privileges on this system

Error - 12/2/2011 3:31:00 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 13:31:00, Fri, Dec 02, 11 Error - User "" does not have administrative
privileges on this system

Error - 12/9/2011 12:55:21 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 10:55:21, Fri, Dec 09, 11 Error - User "" does not have administrative
privileges on this system

Error - 12/25/2011 7:46:49 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 17:46:49, Sun, Dec 25, 11 Error - User "" does not have administrative
privileges on this system

Error - 12/28/2011 2:26:07 AM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 00:26:07, Wed, Dec 28, 11 Error - User "" does not have administrative
privileges on this system

Error - 3/6/2012 1:57:30 AM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 23:57:30, Mon, Mar 05, 12 Error - User "" does not have administrative
privileges on this system

[ Dell Events ]
Error - 7/13/2011 11:32:36 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/13/2011 11:32:36 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/13/2011 11:55:08 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/13/2011 11:55:08 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/6/2011 9:33:15 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/6/2011 9:33:15 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/17/2011 11:10:25 AM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 4/23/2009 11:26:05 AM | Computer Name = Homelaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1286
seconds with 840 seconds of active time. This session ended with a crash.

Error - 7/27/2010 1:03:40 AM | Computer Name = Homelaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7022
seconds with 180 seconds of active time. This session ended with a crash.

Error - 10/30/2010 12:12:05 AM | Computer Name = Homelaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/29/2012 3:29:44 PM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 3/29/2012 3:29:44 PM | Computer Name = Homelaptop | Source = DCOM | ID = 10005
Description =

Error - 3/29/2012 3:29:44 PM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7026
Description =

Error - 3/29/2012 3:29:57 PM | Computer Name = Homelaptop | Source = DCOM | ID = 10005
Description =

Error - 3/29/2012 3:29:59 PM | Computer Name = Homelaptop | Source = DCOM | ID = 10005
Description =

Error - 3/29/2012 3:30:03 PM | Computer Name = Homelaptop | Source = DCOM | ID = 10005
Description =

Error - 3/29/2012 3:30:51 PM | Computer Name = Homelaptop | Source = DCOM | ID = 10005
Description =

Error - 3/29/2012 3:31:47 PM | Computer Name = Homelaptop | Source = DCOM | ID = 10005
Description =

Error - 3/29/2012 3:38:36 PM | Computer Name = Homelaptop | Source = DCOM | ID = 10005
Description =

Error - 3/29/2012 3:38:36 PM | Computer Name = Homelaptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.518.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode


< End of report >
  #12  
Old March 29th, 2012, 11:25 PM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
There is enough showing in your logs to warrant moving your topic to our Malware Removal Forum for checking. They are very busy there so please be patient.

You also have two antivirus programs installed (McAfee and Microsoft Security Essentials). This is not a good idea. Not only are unnecessary resources consumed, but the potential for conflicts is greatly increased. Neither of those programs plays well with others, and MSE advises you to that effect before you install it.

Quote:
Before installing Microsoft Security Essentials, we recommend that you uninstall other antivirus software already running on your PC. Running more than one antivirus program at the same time can potentially cause conflicts that affect PC performance.
http://www.microsoft.com/download/en...s.aspx?id=5201
  #13  
Old March 30th, 2012, 01:48 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Welcome to CTH mac1981,

The logs show these installed:

iolo technologies' System Mechanic
Microsoft Security Essentials
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
McAfee Total Protection

Other than the fact that ISPs, like ATT, always provide the security software that costs them the least, RadialPoint was very likely the very bottom of the barrel, and was truly a disaster. Fortunately they, and Verizon and Virgin and others, have ceased to distribute that. And it has been my experience that Iolo's software isn't very far behind RadialPoint in causing system problems. And along with those, the logs show you have two other antivirus programs installed, with both McAfee and MS Security Essentials. Your system must have been running terribly with all that installed.

Go ahead and run in Safe Mode for now, but don't use that msconfig method please. If something goes wrong when booting to Safe Mode using that, your system may be stuck in a reboot loop, msconfig mandated Safe Mode, failed access, and right back to msconfig mandated Safe Mode, over and over.

Instead, at startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.


In Safe Mode with Networking, go here and download Cédric GEORGEOT's CAT – Crisis Aversion Tool, then click that cat.exe to run the tool.

(For the download link, scroll down and click "ici" in: Bref, un must have à télécharger d’urgence ici. <------)

When CAT opens, click the left-side Adjustments tab. Place a check next to:

Enable Windows Installer in Safe Mode

Then click Apply Checked Fixes, and agree to start the installer service. When it completes its changes, click the upper left X and agree to close CAT. It will also open a log file - just close that for now.

------------

Go to Start - Control Panel - Programs - Programs and Features, then click on each of the following programs, if they show there, and click "Uninstall/Change", in the following order please.

AT&T Internet Security Wizard 1.5.11
iolo technologies' System Mechanic
McAfee Total Protection
Microsoft Security Essentials


Even if you plan on using one of those as your ongoing antivirus program, for now all of them have been damaged by all the others, so they need to be uninstalled. See if you can just go ahead and uninstall all of them, declining any suggestion of rebooting until all are uninstalled. If any force a reboot, reboot right back to Safe Mode and finish out that uninstall list.

Then reboot to normal mode, and run and post a new OTL log please.
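The check the two replies above make by hand (spotting more than one antivirus product in the log's installed-programs list), as an added Python example that is not part of the thread or of OTL. The entry format follows the one line quoted in the post; the product-to-role table, the placeholder uninstall keys and the function names are assumptions.

```python
import re
from collections import defaultdict

# Entry format as quoted in the post above: "<uninstall key>" = <display name>
ENTRY = re.compile(r'^\s*"([^"]+)"\s*=\s*(.+?)\s*$')

# Assumed mapping: display-name fragment -> (product, role). Extend as needed.
KNOWN = [
    ("microsoft security essentials", "Microsoft Security Essentials", "antivirus"),
    ("mcafee total protection", "McAfee Total Protection", "antivirus"),
    ("at&t internet security", "AT&T Internet Security Wizard", "security suite"),
    ("system mechanic", "iolo System Mechanic", "system utility"),
]

def parse_entries(text):
    """Return (key, display_name) pairs; lines not in the entry format are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def inventory(text):
    """Group matched entries as role -> product -> [uninstall keys]."""
    found = defaultdict(lambda: defaultdict(list))
    for key, name in parse_entries(text):
        for fragment, product, role in KNOWN:
            if fragment in name.lower():
                found[role][product].append(key)
                break
    return found

def antivirus_conflict(text):
    """Sorted product names when more than one antivirus product is present, else []."""
    products = sorted(inventory(text)["antivirus"])
    return products if len(products) > 1 else []

# Constructed sample: only the first entry appears in the thread; other keys are placeholders.
SAMPLE = '''
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"PLACEHOLDER_KEY_1" = McAfee Total Protection
"PLACEHOLDER_KEY_2" = McAfee Total Protection (constructed duplicate entry)
"PLACEHOLDER_KEY_3" = Microsoft Security Essentials
"PLACEHOLDER_KEY_4" = iolo technologies' System Mechanic
"PLACEHOLDER_KEY_5" = Example Unrelated Program
[ System Events ]
'''

if __name__ == "__main__":
    for role, products in inventory(SAMPLE).items():
        for product, keys in products.items():
            print(f"{role:15} {product:32} entries: {len(keys)}")
    print("Conflicting antivirus:", antivirus_conflict(SAMPLE) or "none")
```

Products are counted once however many uninstall entries they register, so a single suite that installs several components is not reported as a conflict with itself.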
  #14  
Old March 30th, 2012, 03:22 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 228
Did all the steps shown, but can't uninstall Microsoft Security Essentials. Says can't install in Safe Mode.

And I didn't know about the security software. I feel like wow and not very smart with that move. Learned something good today.
  #15  
Old March 30th, 2012, 04:01 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
May be able to reboot to normal mode now, and then go ahead and uninstall Security Essentials. Assuming that went okay, go here and follow the steps under:

Step 2 - Download and run MCPR.exe

Be sure to reboot after running that as well. Then run a new OTL scan and post that log please.

Please refrain from installing any new security software until I can check that log. Just please minimize your computer use, as much as possible (though things will likely be fine anyway).
All times are GMT +1.