Unknown/ Vista Unable to Update/ Slow Performance [Solved]



#31
Niki McKnight

  • Topic Starter
  • Member
  • 63 posts
OTL logfile created on: 3/5/2010 7:21:08 AM - Run 5
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Nichole\Downloads\HELP
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.52 Gb Total Space | 163.85 Gb Free Space | 56.79% Space Free | Partition Type: NTFS
Drive D: | 9.57 Gb Total Space | 1.30 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 146.26 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 981.05 Mb Total Space | 973.89 Mb Free Space | 99.27% Space Free | Partition Type: FAT

Computer Name: FAITH
Current User Name: Nichole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/22 17:52:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nichole\Downloads\HELP\OTL(2).exe
PRC - [2010/02/08 11:02:10 | 002,343,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/01/20 03:04:37 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/02 08:20:20 | 001,183,744 | ---- | M] (JC&MB) -- C:\Program Files\Quicknote\quicknote.exe
PRC - [2006/11/10 07:12:08 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\shellmon.exe
PRC - [2006/11/10 07:11:58 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 19:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1200618788\ee\aolsoftware.exe
PRC - [2003/05/15 19:36:40 | 000,446,464 | ---- | M] (Provtech Limited) -- C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/22 17:52:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nichole\Downloads\HELP\OTL(2).exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/11 22:18:00 | 000,129,640 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/19 20:27:49 | 000,000,024 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\iptools.INI -- (IPTools)
SRV - [2007/11/23 11:16:22 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/11/23 10:04:39 | 000,265,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 15:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/19 20:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 20:20:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/01/01 00:38:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 20:20:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/01/01 00:38:21 | 000,000,000 | ---D | M]

[2009/07/08 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Extensions
[2009/07/08 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/03/04 12:19:31 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions
[2010/02/09 06:42:40 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/08/17 19:42:28 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2370)
[2009/07/22 02:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/19 14:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2010/02/05 07:18:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/02 10:03:02 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/09 06:42:40 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/03/04 12:19:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/24 08:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/10/15 04:53:11 | 001,140,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll

O1 HOSTS File: ([2010/02/27 03:00:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - Reg Error: Value error. File not found
O2 - BHO: (FDMIECookiesBHO Class) - {7A780B7B-DCF1-4ec4-BB13-2DF92CAD27DB} - C:\Program Files\Light Downloader\ldmie2.dll ()
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe (Provtech Limited)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe (JC&MB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all with Light Downloader - C:\Program Files\Light Downloader\dlall.htm ()
O8 - Extra context menu item: Download selected with Light Downloader - C:\Program Files\Light Downloader\dlselected.htm ()
O8 - Extra context menu item: Download with Light Downloader - C:\Program Files\Light Downloader\dllink.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1262300281720 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.167.10 67.142.167.11
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nichole\Pictures\Desktop\smiley7_1024x768.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nichole\Pictures\Desktop\smiley7_1024x768.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 10:58:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/05 06:54:25 | 000,068,200 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/03/05 02:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/02/28 15:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Emsa DLL Register Tool
[2010/02/28 14:50:50 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/02/27 03:08:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/02/27 03:00:53 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/02/27 03:00:53 | 000,000,000 | ---D | C] -- \$RECYCLE.BIN
[2010/02/27 02:36:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/27 02:36:47 | 000,000,000 | ---D | C] -- \_OTL
[2010/02/22 17:49:31 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/02/22 17:49:31 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/02/22 17:49:30 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/02/22 17:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/02/22 17:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/22 03:47:25 | 000,000,000 | ---D | C] -- C:\Users\Nichole\DoctorWeb
[2010/02/22 02:44:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/22 02:44:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/22 02:44:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/22 02:44:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/21 22:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessExplorer
[2010/02/21 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\My PSP8 Files
[2010/02/21 10:39:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\pt-BR
[2010/02/21 08:21:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/21 08:04:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/21 08:04:40 | 000,000,000 | ---D | C] -- \Qoobox
[2010/02/21 06:43:48 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/02/21 06:43:48 | 000,000,000 | ---D | C] -- \Avenger
[2010/02/20 08:59:57 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\cp1_0218001717
[2008/01/20 21:45:01 | 000,824,216 | ---- | C] (PC Pitstop LLC ) -- C:\Program Files\diskmd-setup-1052.exe
[2008/01/20 21:44:26 | 000,846,008 | ---- | C] (Duality Software ) -- C:\Program Files\alarm clocksetupdsc160r.exe
[2008/01/20 21:44:03 | 004,279,120 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWire PRO 4.12.6.exe
[2008/01/20 21:43:55 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
[2008/01/20 05:45:35 | 000,703,122 | R--- | C] (JAM Software ) -- C:\Program Files\TreeSizeSetup.exe
[2008/01/20 00:38:09 | 000,773,497 | ---- | C] (Cro-Code Software ) -- C:\Program Files\tls_setup.exe
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/05 07:23:27 | 006,815,744 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat
[2010/03/05 07:22:54 | 000,000,290 | ---- | M] () -- C:\Windows\win.ini
[2010/03/05 07:19:34 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/03/05 07:19:27 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 07:19:27 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/05 07:19:25 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/03/05 07:19:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/05 07:19:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/05 07:17:55 | 002,800,111 | -H-- | M] () -- C:\Users\Nichole\AppData\Local\IconCache.db
[2010/03/05 06:59:46 | 000,716,774 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/05 06:59:46 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/05 06:59:46 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/05 01:36:20 | 000,069,632 | ---- | M] () -- C:\Users\Nichole\Documents\jasc events.evtx
[2010/03/04 23:46:19 | 000,208,080 | ---- | M] () -- C:\Users\Nichole\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/01 11:11:57 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/03/01 11:11:57 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/03/01 11:11:57 | 000,065,536 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TM.blf
[2010/03/01 08:52:23 | 000,851,968 | ---- | M] () -- C:\Windows\SPInstall.etl
[2010/03/01 00:49:19 | 000,007,620 | ---- | M] () -- C:\Users\Nichole\AppData\Roaming\mainhst.zgh
[2010/02/28 21:46:28 | 000,069,632 | ---- | M] () -- C:\Users\Nichole\Documents\wusa.evtx
[2010/02/28 15:47:49 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/28 15:47:48 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/28 11:30:23 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2010/02/28 10:22:16 | 000,011,827 | ---- | M] () -- C:\Users\Nichole\Documents\errors.rtf
[2010/02/27 23:50:50 | 000,000,258 | ---- | M] () -- C:\Windows\system.ini
[2010/02/27 21:40:28 | 000,003,732 | ---- | M] () -- C:\Users\Nichole\Documents\katie.rtf
[2010/02/27 03:40:51 | 000,002,631 | ---- | M] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/02/27 03:00:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/27 00:32:23 | 000,008,473 | ---- | M] () -- C:\Users\Nichole\Documents\piecrust dad.rtf
[2010/02/23 19:39:22 | 000,006,594 | ---- | M] () -- C:\Users\Nichole\Documents\pie crust.rtf
[2010/02/23 17:51:12 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/02/22 17:49:35 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/02/22 17:36:16 | 000,000,739 | ---- | M] () -- C:\Users\Nichole\Documents\DrWeb.csv
[2010/02/22 14:17:03 | 000,000,147 | ---- | M] () -- C:\Windows\System32\tmp.files0
[2010/02/22 03:28:14 | 000,082,813 | ---- | M] () -- C:\Users\Nichole\Documents\Baddies.zip
[2010/02/21 21:30:14 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI
[2010/02/20 09:04:54 | 000,076,433 | ---- | M] () -- C:\Users\Nichole\Documents\0514091931.jpg
[2010/02/20 09:04:37 | 000,061,300 | ---- | M] () -- C:\Users\Nichole\Documents\Pink.jpg
[2010/02/20 09:04:22 | 000,013,259 | ---- | M] () -- C:\Users\Nichole\Documents\0126001819a.jpg
[2010/02/20 09:04:04 | 000,086,636 | ---- | M] () -- C:\Users\Nichole\Documents\0219000747.jpg
[2010/02/20 08:59:57 | 000,052,302 | ---- | M] () -- C:\Users\Nichole\Documents\cp1_0218001717.zip
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/05 06:54:25 | 000,007,437 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/03/05 01:36:18 | 000,069,632 | ---- | C] () -- C:\Users\Nichole\Documents\jasc events.evtx
[2010/03/01 10:08:27 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/03/01 10:08:27 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/03/01 10:08:27 | 000,065,536 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{d9aa8252-2541-11df-aa9e-00038a000015}.TM.blf
[2010/02/28 21:46:15 | 000,069,632 | ---- | C] () -- C:\Users\Nichole\Documents\wusa.evtx
[2010/02/28 16:50:43 | 000,000,802 | ---- | C] () -- C:\Users\Nichole\WuPackages.xml
[2010/02/28 11:30:23 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2010/02/28 10:22:16 | 000,011,827 | ---- | C] () -- C:\Users\Nichole\Documents\errors.rtf
[2010/02/28 08:16:24 | 000,000,016 | ---- | C] () -- \RootRepeal report 02-28-10 (08-16-24).txt
[2010/02/27 21:40:28 | 000,003,732 | ---- | C] () -- C:\Users\Nichole\Documents\katie.rtf
[2010/02/27 03:08:12 | 000,033,608 | ---- | C] () -- \ComboFix.txt
[2010/02/27 00:32:22 | 000,008,473 | ---- | C] () -- C:\Users\Nichole\Documents\piecrust dad.rtf
[2010/02/23 19:39:22 | 000,006,594 | ---- | C] () -- C:\Users\Nichole\Documents\pie crust.rtf
[2010/02/22 17:49:35 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/02/22 17:34:58 | 000,000,739 | ---- | C] () -- C:\Users\Nichole\Documents\DrWeb.csv
[2010/02/22 04:14:18 | 000,000,147 | ---- | C] () -- C:\Windows\System32\tmp.files0
[2010/02/22 03:28:13 | 000,082,813 | ---- | C] () -- C:\Users\Nichole\Documents\Baddies.zip
[2010/02/22 02:44:34 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/22 02:44:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/22 02:44:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/22 02:44:34 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/22 02:44:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/22 02:35:38 | 000,001,053 | ---- | C] () -- \CFScript.txt
[2010/02/21 22:43:34 | 001,615,732 | ---- | C] () -- C:\Program Files\ProcessExplorer.zip
[2010/02/21 14:27:40 | 000,029,555 | ---- | C] () -- \LOG 2010.txt
[2010/02/21 14:07:27 | 000,008,710 | ---- | C] () -- \avenger.txt
[2010/02/21 08:49:11 | 000,032,260 | ---- | C] () -- \log 2-21-2010.txt
[2010/02/21 06:54:21 | 000,015,514 | ---- | C] () -- \avenger2.txt
[2010/02/20 09:04:49 | 000,076,433 | ---- | C] () -- C:\Users\Nichole\Documents\0514091931.jpg
[2010/02/20 09:04:34 | 000,061,300 | ---- | C] () -- C:\Users\Nichole\Documents\Pink.jpg
[2010/02/20 09:04:18 | 000,013,259 | ---- | C] () -- C:\Users\Nichole\Documents\0126001819a.jpg
[2010/02/20 09:03:59 | 000,086,636 | ---- | C] () -- C:\Users\Nichole\Documents\0219000747.jpg
[2010/02/20 08:59:53 | 000,052,302 | ---- | C] () -- C:\Users\Nichole\Documents\cp1_0218001717.zip
[2010/02/12 03:01:26 | 000,071,168 | ---- | C] () -- C:\Windows\System32\drivers\kernel.sys
[2010/02/05 03:01:07 | 000,025,641 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010/01/09 00:42:28 | 000,002,131 | ---- | C] () -- \aaw7boot.log
[2009/12/29 05:23:18 | 000,000,036 | ---- | C] () -- C:\Users\Nichole\AppData\Local\housecall.guid.cache
[2009/12/24 17:01:35 | 001,703,968 | ---- | C] () -- C:\Program Files\VirtualDub-1.9.7.zip
[2009/11/24 21:54:35 | 000,000,028 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/27 14:41:07 | 000,002,560 | ---- | C] () -- \stub.log
[2009/08/04 04:37:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/08/04 04:36:53 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/05/10 07:08:44 | 004,376,305 | ---- | C] () -- \MWAV.LOG
[2009/05/10 06:02:00 | 000,000,074 | ---- | C] () -- \23990098.$$$
[2009/03/24 00:57:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009/03/14 12:16:55 | 000,230,454 | ---- | C] () -- \cam0000.bmp
[2009/03/13 16:26:45 | 000,057,654 | ---- | C] () -- \img.BMP
[2008/10/28 12:04:15 | 000,010,920 | ---- | C] () -- \aolconnfix.exe
[2008/10/28 12:04:15 | 000,001,039 | ---- | C] () -- \aolconnfix.txt
[2008/10/19 20:27:49 | 000,000,024 | ---- | C] () -- C:\Windows\System32\iptools.INI
[2008/10/15 04:26:38 | 000,067,334 | ---- | C] () -- \ProcessList.txt
[2008/08/07 17:57:20 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/08/07 17:57:19 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/08/07 17:57:19 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/07 17:57:19 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/07 17:57:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/07 17:57:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/07 17:57:18 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/07 06:00:05 | 000,000,146 | ---- | C] () -- \YServer.txt
[2008/05/04 10:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/02/15 05:21:44 | 000,000,178 | ---- | C] () -- C:\Windows\wininit.ini
[2008/01/30 03:54:52 | 000,000,458 | ---- | C] () -- C:\Windows\justnote.ini
[2008/01/26 08:56:55 | 001,474,385 | ---- | C] () -- C:\Program Files\sprint32v2.zip
[2008/01/26 00:43:06 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/01/20 21:47:26 | 000,048,489 | ---- | C] () -- C:\Program Files\ipnetinfo.zip
[2008/01/20 21:02:25 | 000,049,152 | ---- | C] () -- C:\Windows\System32\OctaneARM.dll
[2008/01/20 20:50:10 | 000,000,164 | ---- | C] () -- C:\Windows\RECMGRUN.INI
[2008/01/20 20:49:59 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI
[2008/01/20 19:59:51 | 000,065,024 | ---- | C] () -- C:\Users\Nichole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/20 17:50:52 | 000,007,620 | ---- | C] () -- C:\Users\Nichole\AppData\Roaming\mainhst.zgh
[2008/01/20 06:03:25 | 000,011,114 | ---- | C] () -- C:\Users\Nichole\AppData\Roaming\wklnhst.dat
[2008/01/20 05:45:48 | 192,152,327 | R--- | C] () -- C:\Program Files\AllProgramFilesZipped.zip
[2008/01/20 05:45:35 | 000,905,216 | ---- | C] () -- C:\Program Files\iview398.exe
[2008/01/20 05:00:15 | 001,680,921 | ---- | C] () -- C:\Program Files\lingvosoft-dictionary-pkpc-engbul-f.zip
[2008/01/20 05:00:14 | 003,155,350 | ---- | C] () -- C:\Program Files\lingvosoft-dictionary-pkpc-engspa-f.exe
[2008/01/20 01:40:31 | 000,043,352 | ---- | C] () -- C:\Windows\System32\wups2.dll
[2008/01/20 00:38:43 | 003,154,009 | ---- | C] () -- C:\Program Files\audacity-win-1.2.6.zip
[2008/01/20 00:38:19 | 000,000,011 | ---- | C] () -- C:\Program Files\productid.txt
[2008/01/20 00:38:02 | 001,363,968 | ---- | C] () -- C:\Program Files\stickerlite.exe
[2008/01/20 00:37:36 | 000,687,733 | ---- | C] () -- C:\Program Files\notes170.exe
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \MSDOS.SYS
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \IO.SYS
[2008/01/17 20:25:33 | 000,007,944 | ---- | C] () -- C:\Users\Nichole\AppData\Local\d3d9caps.dat
[2007/11/23 10:30:00 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/23 10:30:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/11/23 10:19:20 | 2325,676,032 | -HS- | C] () --
[2007/11/23 10:02:45 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/11/23 10:02:44 | 000,438,840 | RHS- | C] () -- \bootmgr
[2007/03/27 09:45:22 | 000,004,096 | ---- | C] () -- C:\Windows\System32\sysres.dll
[2007/01/01 01:48:46 | 001,603,760 | ---- | C] () -- C:\Program Files\Paint.NET.3.36.zip
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006/06/18 00:17:26 | 000,000,212 | ---- | C] () -- C:\Windows\cr8type2lightins.ini
[2002/06/28 04:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002/05/04 08:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[1998/03/14 12:16:04 | 000,000,136 | ---- | C] () -- C:\Windows\System32\mssrina.dll

========== LOP Check ==========

[2008/11/30 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\AMPSoft
[2009/04/20 22:32:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ArmorSurf
[2009/12/28 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Ashampoo
[2008/12/16 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Auslogics
[2009/05/08 03:32:57 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Bearshare Premium P2P
[2008/08/02 19:20:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BPK
[2009/07/21 03:19:35 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BRAVIS
[2010/02/01 13:55:44 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\CBS Interactive
[2009/08/03 02:00:35 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Digital Support
[2008/12/01 05:41:10 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\FontCreator
[2006/12/31 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Free&Easy Font Viewer
[2006/12/31 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GetRightToGo
[2009/05/08 03:07:50 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GlarySoft
[2009/05/10 09:04:07 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\HouseCall 6.6
[2010/01/16 17:35:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ImgBurn
[2009/12/20 03:09:58 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Improved Software
[2010/01/16 20:40:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\InfraRecorder
[2009/05/22 22:22:27 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\IObit
[2009/09/17 13:03:18 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\JAM Software
[2010/02/21 06:22:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Light Downloader
[2010/03/04 21:39:19 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\LimeWire
[2009/08/04 04:38:09 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\MAGIX
[2008/12/01 03:35:40 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\MainType
[2009/05/10 00:51:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\minimem
[2009/12/20 03:07:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Moyea
[2009/12/20 04:51:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\NeoDownloader
[2008/01/26 07:54:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\NoteTab Light
[2010/02/18 07:37:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Orbit
[2010/02/10 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Power Sound Editor Free
[2010/02/05 03:18:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Q-Dir
[2010/02/16 18:29:16 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Screaming Bee
[2008/10/17 23:28:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Se Analyzer Tool SA
[2010/01/18 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\SystemRequirementsLab
[2009/07/29 17:26:19 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\TamoSoft
[2008/01/20 06:03:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Template
[2007/01/01 00:38:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\UltraExplorer
[2009/12/23 20:38:30 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\UltraGet
[2009/05/06 05:43:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Uniblue
[2007/01/01 00:38:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\uTorrent
[2008/12/16 09:59:33 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\WinBatch
[2008/01/21 03:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ZipGenius
[2010/03/05 07:19:25 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/03/05 07:18:05 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8423A1CF
< End of report >

#32
Niki McKnight

Log Name: Application
Source: Application Error
Date: 2/19/2010 12:50:33 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Faith
Description:
Faulting application Paint Shop Pro.exe, version 8.0.0.0, time stamp 0x3e9f67b9, faulting module JascWorkspace.dll, version 8.0.0.0, time stamp 0x3e9f5c69, exception code 0xc0000005, fault offset 0x00023543, process id 0xe60, application start time 0x01cab1276df2ccb0.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-19T05:50:33.000Z" />
<EventRecordID>43370</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>Paint Shop Pro.exe</Data>
<Data>8.0.0.0</Data>
<Data>3e9f67b9</Data>
<Data>JascWorkspace.dll</Data>
<Data>8.0.0.0</Data>
<Data>3e9f5c69</Data>
<Data>c0000005</Data>
<Data>00023543</Data>
<Data>e60</Data>
<Data>01cab1276df2ccb0</Data>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

Log Name: Application
Source: Application Error
Date: 2/19/2010 12:26:01 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Faith
Description:
Faulting application Paint Shop Pro.exe, version 8.0.0.0, time stamp 0x3e9f67b9, faulting module JascWorkspace.dll, version 8.0.0.0, time stamp 0x3e9f5c69, exception code 0xc0000005, fault offset 0x00023543, process id 0xda0, application start time 0x01cab1240161f1e0.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-19T05:26:01.000Z" />
<EventRecordID>43338</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>Paint Shop Pro.exe</Data>
<Data>8.0.0.0</Data>
<Data>3e9f67b9</Data>
<Data>JascWorkspace.dll</Data>
<Data>8.0.0.0</Data>
<Data>3e9f5c69</Data>
<Data>c0000005</Data>
<Data>00023543</Data>
<Data>da0</Data>
<Data>01cab1240161f1e0</Data>
</EventData>
</Event>


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Log Name: Application
Source: Application Error
Date: 2/19/2010 12:24:13 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Faith
Description:
Faulting application Paint Shop Pro.exe, version 8.0.0.0, time stamp 0x3e9f67b9, faulting module JascWorkspace.dll, version 8.0.0.0, time stamp 0x3e9f5c69, exception code 0xc0000005, fault offset 0x00023543, process id 0xa54, application start time 0x01cab123c1328490.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-19T05:24:13.000Z" />
<EventRecordID>43335</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>Paint Shop Pro.exe</Data>
<Data>8.0.0.0</Data>
<Data>3e9f67b9</Data>
<Data>JascWorkspace.dll</Data>
<Data>8.0.0.0</Data>
<Data>3e9f5c69</Data>
<Data>c0000005</Data>
<Data>00023543</Data>
<Data>a54</Data>
<Data>01cab123c1328490</Data>
</EventData>
</Event>


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

Log Name: Application
Source: Application Error
Date: 2/9/2010 2:59:00 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Faith
Description:
Faulting application Paint Shop Pro.exe, version 8.0.0.0, time stamp 0x3e9f67b9, faulting module JascCmdProc.dll, version 8.0.0.0, time stamp 0x3e9f5d97, exception code 0xc0000005, fault offset 0x0001b3f7, process id 0xc80, application start time 0x01caa8f7b5000aba.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-09T07:59:00.000Z" />
<EventRecordID>42014</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>Paint Shop Pro.exe</Data>
<Data>8.0.0.0</Data>
<Data>3e9f67b9</Data>
<Data>JascCmdProc.dll</Data>
<Data>8.0.0.0</Data>
<Data>3e9f5d97</Data>
<Data>c0000005</Data>
<Data>0001b3f7</Data>
<Data>c80</Data>
<Data>01caa8f7b5000aba</Data>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

Log Name: Application
Source: Windows Error Reporting
Date: 3/5/2010 6:43:49 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Faith
Description:
Fault bucket 856956094, type 1
Event Name: APPCRASH
Response: None
Cab Id: 0

Problem signature:
P1: Paint Shop Pro.exe
P2: 8.0.0.0
P3: 3e9f67b9
P4: JascWorkspace.dll
P5: 8.0.0.0
P6: 3e9f5c69
P7: c0000005
P8: 00023543
P9:
P10:

Attached files:
C:\Users\Nichole\AppData\Local\Temp\WER62D8.tmp.version.txt

These files may be available here:
C:\Users\Nichole\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report02efda49
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Windows Error Reporting" />
<EventID Qualifiers="0">1001</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-05T11:43:49.000Z" />
<EventRecordID>44964</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>856956094</Data>
<Data>1</Data>
<Data>APPCRASH</Data>
<Data>None</Data>
<Data>0</Data>
<Data>Paint Shop Pro.exe</Data>
<Data>8.0.0.0</Data>
<Data>3e9f67b9</Data>
<Data>JascWorkspace.dll</Data>
<Data>8.0.0.0</Data>
<Data>3e9f5c69</Data>
<Data>c0000005</Data>
<Data>00023543</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
C:\Users\Nichole\AppData\Local\Temp\WER62D8.tmp.version.txt</Data>
<Data>C:\Users\Nichole\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report02efda49</Data>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Log Name: Application
Source: Application Error
Date: 3/3/2010 2:51:37 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Faith
Description:
Faulting application Paint Shop Pro.exe, version 8.1.0.0, time stamp 0x3f7cca99, faulting module JascWorkspace.dll, version 8.1.0.0, time stamp 0x3f7cbfc6, exception code 0xc0000005, fault offset 0x000235e3, process id 0xb98, application start time 0x01cabb0aeabec303.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-03T19:51:37.000Z" />
<EventRecordID>44613</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>Paint Shop Pro.exe</Data>
<Data>8.1.0.0</Data>
<Data>3f7cca99</Data>
<Data>JascWorkspace.dll</Data>
<Data>8.1.0.0</Data>
<Data>3f7cbfc6</Data>
<Data>c0000005</Data>
<Data>000235e3</Data>
<Data>b98</Data>
<Data>01cabb0aeabec303</Data>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Log Name: Application
Source: Application Error
Date: 2/28/2010 8:10:56 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Faith
Description:
Faulting application Paint Shop Pro.exe, version 8.0.0.0, time stamp 0x3e9f67b9, faulting module JascWorkspace.dll, version 8.0.0.0, time stamp 0x3e9f5c69, exception code 0xc0000005, fault offset 0x00023543, process id 0x5b0, application start time 0x01cab8dc083f3013.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-01T01:10:56.000Z" />
<EventRecordID>44360</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>Paint Shop Pro.exe</Data>
<Data>8.0.0.0</Data>
<Data>3e9f67b9</Data>
<Data>JascWorkspace.dll</Data>
<Data>8.0.0.0</Data>
<Data>3e9f5c69</Data>
<Data>c0000005</Data>
<Data>00023543</Data>
<Data>5b0</Data>
<Data>01cab8dc083f3013</Data>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Log Name: Application
Source: MsiInstaller
Date: 2/21/2010 10:40:12 PM
Event ID: 1035
Task Category: None
Level: Information
Keywords: Classic
User: Faith\Nichole
Computer: Faith
Description:
Windows Installer reconfigured the product. Product Name: Jasc Paint Shop Pro 8. Product Version: 8.00.0000. Product Language: 1033. Reconfiguration success or error status: 0.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">1035</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-22T03:40:12.000Z" />
<EventRecordID>43849</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security UserID="S-1-5-21-229804440-1059440681-801431790-1000" />
</System>
<EventData>
<Data>Jasc Paint Shop Pro 8</Data>
<Data>8.00.0000</Data>
<Data>1033</Data>
<Data>0</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>7B38314133343930322D394430422D343932302D413235432D3443444335443134423332387D</Binary>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Log Name: Application
Source: MsiInstaller
Date: 2/21/2010 10:40:07 PM
Event ID: 1004
Task Category: None
Level: Warning
Keywords: Classic
User: Faith\Nichole
Computer: Faith
Description:
Detection of product '{81A34902-9D0B-4920-A25C-4CDC5D14B328}', feature 'PaintShopPro8_Premium', component '{023E14D3-E18F-4BA0-B0B5-BDB09B1674CA}' failed. The resource 'C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Palettes\' does not exist.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">1004</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-22T03:40:07.000Z" />
<EventRecordID>43845</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security UserID="S-1-5-21-229804440-1059440681-801431790-1000" />
</System>
<EventData>
<Data>{81A34902-9D0B-4920-A25C-4CDC5D14B328}</Data>
<Data>PaintShopPro8_Premium</Data>
<Data>{023E14D3-E18F-4BA0-B0B5-BDB09B1674CA}</Data>
<Data>C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Palettes\</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Log Name: Application
Source: Windows Error Reporting
Date: 2/21/2010 10:29:44 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Faith
Description:
Fault bucket 10767991, type 5
Event Name: PCA2
Response: None
Cab Id: 0

Problem signature:
P1: Paint Shop Pro.exe
P2: 8.1.0.0
P3: Paint Shop Pro 8
P4: Paint Shop Pro 8
P5: Jasc Software, Inc.
P6: 200
P7: -1
P8:
P9:
P10:

Attached files:
C:\Users\Nichole\AppData\Local\Temp\{63d0c468-eecb-4ffc-a8fd-36e6862b0cc4}\appcompat.txt
C:\Users\Nichole\AppData\Local\Temp\TabF4D2.tmp

These files may be available here:
C:\Users\Nichole\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0b07f964
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Windows Error Reporting" />
<EventID Qualifiers="0">1001</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-22T03:29:44.000Z" />
<EventRecordID>43831</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>10767991</Data>
<Data>5</Data>
<Data>PCA2</Data>
<Data>None</Data>
<Data>0</Data>
<Data>Paint Shop Pro.exe</Data>
<Data>8.1.0.0</Data>
<Data>Paint Shop Pro 8</Data>
<Data>Paint Shop Pro 8</Data>
<Data>Jasc Software, Inc.</Data>
<Data>200</Data>
<Data>-1</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
C:\Users\Nichole\AppData\Local\Temp\{63d0c468-eecb-4ffc-a8fd-36e6862b0cc4}\appcompat.txt
C:\Users\Nichole\AppData\Local\Temp\TabF4D2.tmp</Data>
<Data>C:\Users\Nichole\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0b07f964</Data>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Log Name: Application
Source: Windows Error Reporting
Date: 2/21/2010 9:06:37 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Faith
Description:
Fault bucket 385155036, type 1
Event Name: APPCRASH
Response: None
Cab Id: 0

Problem signature:
P1: Paint Shop Pro.exe
P2: 8.1.0.0
P3: 3f7cca99
P4: JascColorMgr.dll!?ICMProcessImage@CJDeviceContex
P5: 6.0.6000.16386
P6: 4549bdc9
P7: c0000139
P8: 00008fc7
P9:
P10:

Attached files:
C:\Users\Nichole\AppData\Local\Temp\WER3B80.tmp.version.txt

These files may be available here:
C:\Users\Nichole\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report06b7e141
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Windows Error Reporting" />
<EventID Qualifiers="0">1001</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-22T02:06:37.000Z" />
<EventRecordID>43814</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>385155036</Data>
<Data>1</Data>
<Data>APPCRASH</Data>
<Data>None</Data>
<Data>0</Data>
<Data>Paint Shop Pro.exe</Data>
<Data>8.1.0.0</Data>
<Data>3f7cca99</Data>
<Data>JascColorMgr.dll!?ICMProcessImage@CJDeviceContex</Data>
<Data>6.0.6000.16386</Data>
<Data>4549bdc9</Data>
<Data>c0000139</Data>
<Data>00008fc7</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
C:\Users\Nichole\AppData\Local\Temp\WER3B80.tmp.version.txt</Data>
<Data>C:\Users\Nichole\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report06b7e141</Data>
</EventData>
</Event>


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

Log Name: Application
Source: Application Error
Date: 2/21/2010 9:05:55 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Faith
Description:
Faulting application Paint Shop Pro.exe, version 8.1.0.0, time stamp 0x3f7cca99, faulting module JascColorMgr.dll!?ICMProcessImage@CJDeviceContex, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000139, fault offset 0x00008fc7, process id 0x784, application start time 0x01cab363844ec474.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-22T02:05:55.000Z" />
<EventRecordID>43812</EventRecordID>
<Channel>Application</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>Paint Shop Pro.exe</Data>
<Data>8.1.0.0</Data>
<Data>3f7cca99</Data>
<Data>JascColorMgr.dll!?ICMProcessImage@CJDeviceContex</Data>
<Data>6.0.6000.16386</Data>
<Data>4549bdc9</Data>
<Data>c0000139</Data>
<Data>00008fc7</Data>
<Data>784</Data>
<Data>01cab363844ec474</Data>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
SERVICE PACK ERRORS

Log Name: Setup
Source: Microsoft-Windows-WUSA
Date: 2/10/2010 1:10:52 PM
Event ID: 3
Task Category: None
Level: Error
Keywords:
User: Faith\Nichole
Computer: Faith
Description:
The Windows update could not be installed because of an error: 2147943458 "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." (Command line: ""C:\Windows\system32\wusa.exe" "C:\Downloads\Software\Windows6.0-KB947821-v7-x86.msu" ")
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-WUSA" Guid="{09608c12-c1da-4104-a6fe-b959cf57560a}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-02-10T18:10:52.393Z" />
<EventRecordID>12</EventRecordID>
<Correlation />
<Execution ProcessID="1416" ThreadID="4076" />
<Channel>Setup</Channel>
<Computer>Faith</Computer>
<Security UserID="S-1-5-21-229804440-1059440681-801431790-1000" />
</System>
<EventData>
<Data Name="UpdateTitle">
</Data>
<Data Name="ErrorCode">2147943458</Data>
<Data Name="ErrorString">The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.</Data>
<Data Name="CommandLine">"C:\Windows\system32\wusa.exe" "C:\Downloads\Software\Windows6.0-KB947821-v7-x86.msu" </Data>
</EventData>
</Event>


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Log Name: Setup
Source: Microsoft-Windows-WUSA
Date: 2/10/2010 3:08:01 PM
Event ID: 3
Task Category: None
Level: Error
Keywords:
User: Faith\Nichole
Computer: Faith
Description:
The Windows update could not be installed because of an error: 2147943484 "This service cannot be started in Safe Mode" (Command line: ""C:\Windows\system32\wusa.exe" "C:\Downloads\Software\Windows6.0-KB947821-v7-x86.msu" ")
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-WUSA" Guid="{09608c12-c1da-4104-a6fe-b959cf57560a}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-02-10T20:08:01.226Z" />
<EventRecordID>16</EventRecordID>
<Correlation />
<Execution ProcessID="556" ThreadID="312" />
<Channel>Setup</Channel>
<Computer>Faith</Computer>
<Security UserID="S-1-5-21-229804440-1059440681-801431790-1000" />
</System>
<EventData>
<Data Name="UpdateTitle">
</Data>
<Data Name="ErrorCode">2147943484</Data>
<Data Name="ErrorString">This service cannot be started in Safe Mode</Data>
<Data Name="CommandLine">"C:\Windows\system32\wusa.exe" "C:\Downloads\Software\Windows6.0-KB947821-v7-x86.msu" </Data>
</EventData>
</Event>


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Log Name: Setup
Source: Microsoft-Windows-WUSA
Date: 2/28/2010 11:31:13 AM
Event ID: 3
Task Category: None
Level: Error
Keywords:
User: Faith\Nichole
Computer: Faith
Description:
The Windows update "Hotfix for Windows (KB947821)" could not be installed because of an error: 2147500034 "No such interface supported" (Command line: ""C:\Windows\system32\wusa.exe" "C:\Downloads\Software\Windows6.0-KB947821-v7-x86.msu" ")
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-WUSA" Guid="{09608c12-c1da-4104-a6fe-b959cf57560a}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-02-28T16:31:13.238Z" />
<EventRecordID>20</EventRecordID>
<Correlation />
<Execution ProcessID="1008" ThreadID="748" />
<Channel>Setup</Channel>
<Computer>Faith</Computer>
<Security UserID="S-1-5-21-229804440-1059440681-801431790-1000" />
</System>
<EventData>
<Data Name="UpdateTitle">"Hotfix for Windows (KB947821)"</Data>
<Data Name="ErrorCode">2147500034</Data>
<Data Name="ErrorString">No such interface supported</Data>
<Data Name="CommandLine">"C:\Windows\system32\wusa.exe" "C:\Downloads\Software\Windows6.0-KB947821-v7-x86.msu" </Data>
</EventData>
</Event>


There's more but I'll wait to hear from you.....

#33
Niki McKnight

PSP... THIS may be the cause....

Log Name: System
Source: Application Popup
Date: 2/21/2010 9:05:33 PM
Event ID: 26
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Faith
Description:
Application popup: Paint Shop Pro.exe - Entry Point Not Found : The procedure entry point ?ICMProcessImage@CJDeviceContext@@UAE_NPAVCRowIterator@@0@Z could not be located in the dynamic link library JascColorMgr.dll.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Popup" />
<EventID Qualifiers="16384">26</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-22T02:05:33.000Z" />
<EventRecordID>107267</EventRecordID>
<Channel>System</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>Paint Shop Pro.exe - Entry Point Not Found</Data>
<Data>The procedure entry point ?ICMProcessImage@CJDeviceContext@@UAE_NPAVCRowIterator@@0@Z could not be located in the dynamic link library JascColorMgr.dll. </Data>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

Log Name: System
Source: Application Popup
Date: 2/21/2010 8:59:22 PM
Event ID: 26
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Faith
Description:
Application popup: Paint Shop Pro.exe - Unable To Locate Component : This application has failed to start because sxlrt308.dll was not found. Re-installing the application may fix this problem.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Popup" />
<EventID Qualifiers="16384">26</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-22T01:59:22.000Z" />
<EventRecordID>107265</EventRecordID>
<Channel>System</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>Paint Shop Pro.exe - Unable To Locate Component</Data>
<Data>This application has failed to start because sxlrt308.dll was not found. Re-installing the application may fix this problem. </Data>
</EventData>
</Event>

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Log Name: System
Source: Application Popup
Date: 2/21/2010 8:59:15 PM
Event ID: 26
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Faith
Description:
Application popup: Paint Shop Pro.exe - Entry Point Not Found : The procedure entry point ?ICMProcessImage@CJDeviceContext@@UAE_NPAVCRowIterator@@0@Z could not be located in the dynamic link library JascColorMgr.dll.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Popup" />
<EventID Qualifiers="16384">26</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-02-22T01:59:15.000Z" />
<EventRecordID>107264</EventRecordID>
<Channel>System</Channel>
<Computer>Faith</Computer>
<Security />
</System>
<EventData>
<Data>Paint Shop Pro.exe - Entry Point Not Found</Data>
<Data>The procedure entry point ?ICMProcessImage@CJDeviceContext@@UAE_NPAVCRowIterator@@0@Z could not be located in the dynamic link library JascColorMgr.dll. </Data>
</EventData>
</Event>

#34
Niki McKnight

I appreciate your help...

Edited by Niki McKnight, 05 March 2010 - 06:02 PM.

#35
Ltangelic

Hey Niki McKnight,

As suggested in the logs you gave me, perhaps re-installing the program would resolve the issue?

Let's do a few more scans and if there are still problems with your computer, I'll need to direct you to the appropriate forum since it is beyond my expertise.

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (Spybot Teatimer) as it/they may hinder the tools from running. Instructions are in the link below:

http://www.bleepingc...opic114351.html

1) Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

2) Run Kaspersky Webscanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 18.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Make sure the C:\Program Files\JAVA folder is removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")
THEN

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Next reply (please include in your post):

MBAM scan log
Kaspersky scan log

#36
Niki McKnight

Malwarebytes' Anti-Malware 1.44
Database version: 3828
Windows 6.0.6000
Internet Explorer 7.0.6000.16609

3/6/2010 2:04:13 AM
mbam-log-2010-03-06 (02-04-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 413077
Time elapsed: 1 hour(s), 19 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#37
Niki McKnight

Everything it found was latent, however I deleted all the files....

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, March 6, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, March 06, 2010 06:08:02
Records in database: 3710405
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Objects scanned: 568635
Threats found: 9
Infected objects found: 34
Suspicious objects found: 0
Scan duration: 07:43:28


File name / Threat / Threats count
C:\Program Files\ABC\List Alphabetizer.exe Infected: not-a-virus:AdWare.Win32.Rabio.cz 1
E:\BACK _ UP 2008\Downloads\listalphabetizer.zip Infected: not-a-virus:AdWare.Win32.Rabio.cz 1
E:\BACK _ UP 2008\JUNK DRAWER\incoming\JANUARY\sendtocommander\SendTo Commander.exe Infected: not-a-virus:AdWare.Win32.Rabio.cx 1
E:\BACK _ UP 2008\JUNK DRAWER\incoming\JANUARY\sendtocommander.zip Infected: not-a-virus:AdWare.Win32.Rabio.cx 1
E:\BACK _ UP 2008\JUNK DRAWER\incoming\sdvc3000.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
E:\BACK _ UP 2008\JUNK DRAWER\My Virtual Junk Draw\Newbie Programs\ESP_Monitoring_Survailence.MSI Infected: not-a-virus:Monitor.Win32.KeyLogger.aj 1
E:\BACK _ UP 2008\JUNK DRAWER\My Virtual Junk Draw\Newbie Programs\mailpv.zip Infected: not-a-virus:PSWTool.Win32.MailPassView.c 1
E:\GRAPHICS\Zipped Graphics & Icons\safari.zip Infected: not-a-virus:AdWare.Win32.SaveNow.bx 1
E:\GRAPHICS\Zipped Graphics & Icons\safari_2.zip Infected: not-a-virus:AdWare.Win32.SaveNow.aj 2
E:\GRAPHICS\Zipped Graphics & Icons\scrnpix.zip Infected: not-a-virus:AdWare.Win32.WebHancer.16 8
E:\Pic GRAPHICS back-up\Pictures Graphics\GRAPHICS\Zipped Graphics & Icons\safari.zip Infected: not-a-virus:AdWare.Win32.SaveNow.bx 1
E:\Pic GRAPHICS back-up\Pictures Graphics\GRAPHICS\Zipped Graphics & Icons\safari_2.zip Infected: not-a-virus:AdWare.Win32.SaveNow.aj 2
E:\Pic GRAPHICS back-up\Pictures Graphics\GRAPHICS\Zipped Graphics & Icons\scrnpix.zip Infected: not-a-virus:AdWare.Win32.WebHancer.16 8
E:\Pics 2009\___June 2009\JUNK DRAWER\incoming\JANUARY\sendtocommander\SendTo Commander.exe Infected: not-a-virus:AdWare.Win32.Rabio.cx 1
E:\Pics 2009\___June 2009\JUNK DRAWER\incoming\sdvc3000.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
E:\Pics 2009\___June 2009\JUNK DRAWER\My Virtual Junk Draw\Newbie Programs\ESP_Monitoring_Survailence.MSI Infected: not-a-virus:Monitor.Win32.KeyLogger.aj 1
E:\RELOCATED FILES 2010\DOWNLOAD FILES\listalphabetizer.zip Infected: not-a-virus:AdWare.Win32.Rabio.cz 1
E:\RELOCATED FILES 2010\DOWNLOAD FILES\slidesetup-freeware(2).exe Infected: Virus.Win32.Induc.a 1

Selected area has been scanned.
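Added example, not part of the original post and not Kaspersky's own tooling: a short Python triage of detection rows in the "File name / Threat / Threats count" layout of the report above, separating `not-a-virus:` (adware/riskware) verdicts from the rest. The sample rows are constructed (invented paths, verdict names taken from the report) and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample rows in the layout of the report above: the paths are
# invented, the verdict names are ones that appear in the posted report.
SAMPLE_REPORT = r"""
C:\Tools\List Sorter.exe Infected: not-a-virus:AdWare.Win32.Rabio.cz 1
E:\Backup 2008\Downloads\listsorter.zip Infected: not-a-virus:AdWare.Win32.Rabio.cz 1
E:\Backup 2008\icons.zip Infected: not-a-virus:AdWare.Win32.WebHancer.16 8
E:\Backup 2009\icons.zip Infected: not-a-virus:AdWare.Win32.WebHancer.16 8
E:\Backup 2008\mailtool.zip Infected: not-a-virus:PSWTool.Win32.MailPassView.c 1
E:\Downloads\setup-freeware.exe Infected: Virus.Win32.Induc.a 1
"""

ROW = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<count>\d+)$")


def parse_rows(text):
    """Yield (path, verdict, count) for every detection row; skip other lines."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield m["path"], m["verdict"], int(m["count"])


def triage(text):
    """Summarise a report: totals, files per verdict, and rows to review first."""
    by_verdict = defaultdict(list)
    objects = 0
    for path, verdict, count in parse_rows(text):
        by_verdict[verdict].append(path)
        objects += count
    # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:";
    # verdicts without that prefix are classified as malware proper.
    malware = {v: p for v, p in by_verdict.items() if not v.startswith("not-a-virus:")}
    return {
        "threats": len(by_verdict),      # distinct verdict names
        "infected_objects": objects,     # sum of the per-row counts
        "by_verdict": dict(by_verdict),
        "review_first": malware,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(summary["threats"], "threats in", summary["infected_objects"], "objects")
    for verdict, paths in summary["review_first"].items():
        print("review first:", verdict, paths)
```

Applied to the rows of the posted report, the same two counts (distinct verdict names and the sum of the per-row counts) give the 9 threats and 34 infected objects shown in its statistics block.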

#38
Ltangelic

Hey Niki McKnight,

How is your computer running? Is the Paint Shop Pro program issue resolved?

#39
Niki McKnight
PC seems to be running better... PSP is working after I uninstalled MS Visual C++...

#40
Ltangelic
Hey Niki McKnight,

Congratulations, your logs are clean! :)

We still have some final cleanups to do, please bear with me. I'll also post my prevention speech so you can have an idea how to secure your computer in the future.

Cleanup

1) Remove Tools With OTC

Please download OTC.
  • Save it to your desktop.
  • Double Click on OTC.exe, a window will appear.
  • Please press the CleanUp! Button.
  • You may be asked to reboot, click "Yes".

2) Install an anti-virus

If you do not have an active anti-virus running, please go to the links provided below, then download and install ONE of the anti-virus programs.

Avira Antivir (recommended)
Avast! Home Edition
AVG 9 Free

3) Run TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

4) Reset System Restore Points

You should Create a New Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore.
Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point.
Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

Prevention Speech

Below are some recommendations to protect your computer against malware infections.

1) Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

2) To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:

Complementary programs (do not conflict with any software that offers real time protection)

* SpywareBlaster - Prevents malicious ActiveX controls from installing in the first place, reducing your chances of a spyware infection.
* IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites which actually install malicious code onto your system. (Tutorial available here)
* MVPS Hosts file - Replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Anti-spyware programs with real time protection

* SpywareGuard - Offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
* Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
* Windows Defender - Microsoft's free anti-spyware program that has high detection rates and protects well against unwanted malicious software.

Firewalls

You should also have a good firewall. Here are 4 free ones available for personal use (please turn OFF your Windows firewall after installing ONE of the following):

* Sygate Personal Firewall
* Kerio Personal Firewall
* ZoneAlarm
* Comodo Firewall Pro

It is critical to have only ONE firewall, ONE anti virus and ONE anti-spyware resident protection running to protect your system and to keep them updated. Take note that not ALL programs offer real time protection; for a list of programs that DO offer real time protection, look here.

3) Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then the Apply button and then OK to exit the Internet Properties page.

4) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

5) Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place' here.

Thank you for your patience, and performing all of the procedures requested.

Please post back telling me if there are any further problems. If everything is working properly, I will mark this as Solved.
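Added example, not part of the original post and not code from the MVPS project: the post above describes a HOSTS file blocking sites by pointing their names at 127.0.0.1, and this Python sketch audits a hosts file for exactly that, listing names sunk to the local machine and flagging names pointed at any other address for review. The file content is constructed, the hostnames are placeholders under example.com / example.net, and the function names are this example's own.

```python
import ipaddress

# Constructed hosts-file content; every hostname is a placeholder,
# not an entry from the MVPS list.
SAMPLE_HOSTS = """\
# blocking entries in the style described above
127.0.0.1  localhost
127.0.0.1  ads.example.com  tracker.example.com   # two names on one line
0.0.0.0    popups.example.net
::1        localhost
203.0.113.7  update.example.com   # not a local address: needs review
not-an-ip  broken.example.com
"""


def parse_hosts(text):
    """Return {hostname: ip} for each valid entry, ignoring comments and bad lines."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop trailing comment, then tokenise
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:
            entries.setdefault(name.lower(), ip)  # keep the first entry seen for a name
    return entries


def audit(text):
    """Split entries into names sunk to the local machine and names sent elsewhere."""
    blocked, redirected = [], []
    for name, ip in parse_hosts(text).items():
        if name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:   # 127.x.x.x, ::1, 0.0.0.0
            blocked.append(name)
        else:
            redirected.append((name, str(ip)))    # overrides DNS with another address
    return sorted(blocked), sorted(redirected)


if __name__ == "__main__":
    blocked, redirected = audit(SAMPLE_HOSTS)
    print(len(blocked), "names blocked locally")
    for name, ip in redirected:
        print("review:", name, "->", ip)
```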

#41
Niki McKnight
I will do as you asked but my problem is NOT solved!!!! I CAN'T UPDATE!

#42
Ltangelic
Hey,

What error messages do you get when you try to update your computer? Is it the same as before?

#43
Niki McKnight
It tries to update but then it says some updates were not installed... I'll try running it again now so I can give you the exact message...

#44
Niki McKnight
___update.jpg

#45
Niki McKnight
I've also downloaded and tried to install the system readiness tool which tells me that some updates couldn't be installed.... I've downloaded the agent, I've tried to force the installation, nothing...