BSOD...can't do system restore or recovery [Solved]


  • This topic is locked

#16
joyo8822

  • Topic Starter
  • Member
  • 11 posts
Hi Josh!

I did have to use the bcdedit command.

Step 1: Untitled.jpg

Step 2:

OTL Extras logfile created on: 8/4/2012 7:14:09 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Yola\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 48.00% Memory free
6.12 Gb Paging File | 4.42 Gb Available in Paging File | 72.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 187.74 Gb Total Space | 43.76 Gb Free Space | 23.31% Space Free | Partition Type: NTFS
Drive D: | 30.39 Gb Total Space | 15.69 Gb Free Space | 51.63% Space Free | Partition Type: NTFS

Computer Name: YOLAB | User Name: Yola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{287EEDB7-ABFE-4B10-AAC6-136476E7949E}" = lport=139 | protocol=6 | dir=in | app=system |
"{3327E860-5EDD-4A98-835F-EDDF7183D3CC}" = lport=137 | protocol=17 | dir=in | app=system |
"{3CB26806-EA51-43EF-B3F7-E7812A31CE64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4F9202C7-73BF-4236-9C4C-17B57B37B769}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5036653D-22AA-4205-8F11-B742389F9C81}" = rport=138 | protocol=17 | dir=out | app=system |
"{52F59AF2-1D23-4C48-8CAA-9A8A0200D4EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{55CAAC19-B4B3-407A-A9B2-08A3F9304EF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{970555B2-0552-4E98-B26D-0390D2C60972}" = rport=445 | protocol=6 | dir=out | app=system |
"{B3FC61AC-B3CE-4AB5-9642-24411C5CD50A}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCA31437-6569-4B3E-968A-B64D17C60DC1}" = lport=138 | protocol=17 | dir=in | app=system |
"{C7DD2EA2-AF0B-4E4F-94E7-A50DF530A751}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{DBFA7604-EA16-44D7-9F54-D43C77A02C84}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{E899B2D8-2CA2-45E5-B165-E0E2F566B41E}" = lport=445 | protocol=6 | dir=in | app=system |
"{F18DF747-884D-4228-B1A5-118C7800DFDC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0064FE3C-646C-4807-9222-B181F7EB7CCE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{07440DC5-BE71-4129-8A73-B20633C47F52}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{085E6773-F963-4A5F-A79F-33B5B4246FFA}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{0BE8A247-E5F2-4116-B321-28F592A56484}" = protocol=17 | dir=in | app=c:\program files\roxio\roxionow player\rnowshell.exe |
"{0CB3E76A-5E48-47D1-98D3-149471FAAAF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0DC0DA4C-B724-40A2-9911-29B38F06466F}" = protocol=58 | dir=out | [email protected],-28546 |
"{17A79FFD-AF02-478E-9A65-CE95285D6C3F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{1CBF100E-5E88-41E1-A951-C157D693450E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{1EB38C67-0F2E-4472-8E95-4A455FD9F58E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2460AAE9-A1B7-4DC3-81BC-CBAF62FF24C4}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{24CBEAD1-84A6-4DE8-AAB3-3AC92C101C08}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{2A050074-8CCF-48F1-AD74-973ECD346404}" = protocol=6 | dir=in | app=c:\users\yola\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{2D3453B0-429F-47EF-B606-D01CEA52BB6F}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{2F6870F2-94AA-44A5-8C15-57C0DEE3DC96}" = protocol=1 | dir=out | [email protected],-28544 |
"{312D8B76-8C72-4C87-B129-68EFB6205751}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{31831A69-631E-4DD5-9BFB-3B783485F3EF}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{36482F8A-22E0-4EAE-B29C-00C4AA94DF2F}" = dir=in | app=c:\program files\lenovo\readycomm\filereceiver.exe |
"{38302420-224A-4B7B-9939-E3AB4992E793}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{396A2E18-F648-4999-AC46-41CB298937B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{3AC921D4-DC92-4A52-93DB-E7F17DB43BD6}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{3CAC90AF-E80B-4054-893D-65CA1C518082}" = protocol=17 | dir=in | app=c:\users\yola\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4130A829-2414-4688-B2A4-31523BE4DBD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{422DD1BE-FEA2-4666-91EB-C73A54A3733A}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{43CEFDEF-3451-4047-8E78-022012048B14}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{4725D173-BA19-4637-9FFB-7A4AA4F17785}" = protocol=6 | dir=in | app=c:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe |
"{4D8C8B1E-50C8-4B81-826F-1ADD52EF43C9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4E02C23C-9F16-498E-A139-A2E0BD246013}" = dir=in | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{51BFC52C-2AEF-4E0C-A75B-B511AB8916EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A132EFA-0A36-4250-98C3-9610ADC8B7C5}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{5AC0BD08-C4A7-42ED-A293-FE8291763525}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{5B3E6D0B-76E4-4F52-B1CA-FFD28CF4D45F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B535569-E9D6-4401-9B38-BD8EC4D989EE}" = protocol=17 | dir=in | app=c:\users\yola\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{70134804-AD63-46B4-A6FC-2E18DC371A7C}" = protocol=6 | dir=in | app=c:\users\yola\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{756C2B8C-EB4A-4F6A-ACC0-AC7AD8D6661D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78019905-88F8-40A6-A4BA-C27E104A5778}" = protocol=6 | dir=in | app=c:\users\yola\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{81A6173F-0372-473D-B84E-D1A2F7AE40CB}" = protocol=58 | dir=in | [email protected],-28545 |
"{8D03786B-C3D1-4D9F-A5F3-837CCBB1CC20}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8DED26A8-CFB0-44DF-A464-CB2EFF5B4EDF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{91ACACCE-5E19-41DD-BD64-F52F06EEBFF3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{937A8660-88A5-4906-9154-F80DA5FDE7E6}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{9618AAC7-0E45-429E-BF0E-278F573C07B9}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{995DC63A-2E94-494B-84A1-04572894B0EA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{9C4FE00A-1C0C-4B1E-B8E8-93B61AE5F77E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{9CC46088-3CF5-4711-9F79-F116EC9AD7DF}" = protocol=1 | dir=in | [email protected],-28543 |
"{9F804DD1-8405-4D04-99AF-5192AF8C3C60}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{9F898DDC-973A-4CFD-B83D-76332C9A3022}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{A20800E5-8727-4721-A7F8-61C4F7F04F62}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A25BDF97-ED45-4155-8262-0B44A82E10F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{A6899EC0-FF32-4FB0-B5C3-88CA9A9C3129}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A74B32BD-20AF-4266-805D-CBDEE1B97313}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{AAEF7CFF-50CD-491D-92AE-4E64A3D4516E}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{AD285648-DECA-415F-9CBB-488667DF0DFF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{AE31C587-6831-4FBF-BFD1-215D6B91F7EF}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{B021E9DA-0875-4AA1-9886-97EDA1542A53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B710B5BE-1832-48D3-9CD3-0279819464F6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B914E317-A891-410C-8AD6-6F4538A14899}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{BAE62A87-E5A1-43D4-ABB4-834A5415A57E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{C213CE58-E5F6-43AA-8E8A-9E5B387B0E6F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{C43E8F5F-A957-4D6F-B59B-71F5EE52609E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{C48F3993-EECB-4336-8764-50D1829A69EB}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{C6C91CBB-6F3B-4885-9949-64259EA31A04}" = protocol=17 | dir=in | app=c:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe |
"{CDADC98B-6586-4B9C-A232-D7268340DE01}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{CE776177-1FDD-4111-89E1-49B9401E3042}" = protocol=6 | dir=in | app=c:\program files\roxio\roxionow player\rnowshell.exe |
"{D1982428-4B19-4AD6-A7B3-47F7A7477772}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D34F6D21-25A4-45C6-A4C5-B2AFC5AA256F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D4420A45-08EA-4FE9-A46D-23FE17E237D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{E7E36240-552C-46A7-93EC-5EE4159CC94A}" = dir=out | app=c:\program files\lenovo\readycomm\filereceiver.exe |
"{F2B5F6DB-8926-478B-B315-67C7474A3DB4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F4AEECA7-3A29-4A20-A887-E70A538125B8}" = protocol=17 | dir=in | app=c:\users\yola\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{F5B3A53C-3B79-4AD3-B02A-2171342AC1FC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{F9D2FC3E-2819-427B-A39A-24293F015657}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{FABB8E81-E859-4977-BAA1-B567F61381EE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FBEE8AD8-67DF-4E5D-AE4B-16E5FE358258}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{FC3861BB-4E7F-4A14-9D01-F82D91DE72F4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{FDEDD6A6-78F2-490B-8459-D70260A9563F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FFC9693B-0E63-4E2F-94C9-AEC844ABBF71}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"TCP Query User{32636143-D98D-4713-A202-5DCDA043A291}C:\users\yola\brosix\brosix.exe" = protocol=6 | dir=in | app=c:\users\yola\brosix\brosix.exe |
"TCP Query User{489FE911-6CB5-44FB-ADE4-CB4DB0BEA343}C:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4CA90724-BF85-4E7B-A80D-B52757271CF3}C:\users\yola\brosix\brosix.exe" = protocol=6 | dir=in | app=c:\users\yola\brosix\brosix.exe |
"TCP Query User{500BC777-FE11-4039-BB2D-8070C0192412}C:\users\yola\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\yola\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{ABC9BC33-3572-458E-B427-B62A6EFFB670}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{B6049A40-2692-4497-99CC-A54DDDADAA4C}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{CA25617E-4264-4402-AF48-96E8819CEAA0}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{03AA2575-D868-4E0A-A8F6-32E2CB179ABC}C:\users\yola\brosix\brosix.exe" = protocol=17 | dir=in | app=c:\users\yola\brosix\brosix.exe |
"UDP Query User{2E35E13C-CCF7-461D-BD1A-3CD24B982831}C:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{88115475-B379-4D40-8910-915C1AA3579F}C:\users\yola\brosix\brosix.exe" = protocol=17 | dir=in | app=c:\users\yola\brosix\brosix.exe |
"UDP Query User{9D6CDA6E-9FD6-4E5A-8054-4CAA4B8478C7}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{A6CBD210-CBAD-468B-9D11-6AD9AA3674B5}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{D8B8F1EB-12E2-448E-95C2-9371B65F6731}C:\users\yola\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\yola\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{E2856C2B-E6CC-4BBF-B5F7-220B1E2E50C1}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26E9EE62-5517-4C46-8B6E-B7C9A0A95D66}" = SWelCntr
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6549AA0C-6D93-4E76-9A13-6A6A0AA4FD6D}" = TaxCut California 2008
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99041921-18B5-4d36-9729-BE5A671B1932}" = D4200
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FBDF580-E37F-4DEE-8F2E-75A8E8716AAD}" = H&R Block California 2010
"{9FE94C17-25AD-4142-A012-E0BBE923C711}" = D4200_Help
"{A23E5590-6799-437B-9723-2627BA800B6F}" = Dolby Control Center
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C200A620-DD82-42A9-9A32-2CDA92914DCB}" = O2Micro Flash Memory Card Reader Driver (x86)
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}}_is1" = Invoke Solutions Participant 6.2.0.1452
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"ArtistScope Plugin FX 424.2.0.0" = ArtistScope Plugin FX 42
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG" = AVG 2012
"BitTorrent" = BitTorrent
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup" = DivX Setup
"EasyCapture3.0" = EasyCapture
"ENTERPRISER" = Microsoft Office Enterprise 2007 Trial
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PeerGuardian_is1" = PeerGuardian 2.0
"Soulseek2" = SoulSeek 157 NS 13e
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2011" = TurboTax 2011
"VeriFace III" = VeriFace III
"VLC media player" = VLC media player 0.9.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Brosix" = Brosix
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/22/2011 5:41:43 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2011 8:19:10 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2011 12:16:44 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/25/2011 10:43:21 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/26/2011 1:10:04 AM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/26/2011 10:08:32 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/27/2011 10:05:50 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/30/2011 2:23:55 AM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/30/2011 4:45:34 PM | Computer Name = YolaB | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 5.0.0.4183 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 730 Start Time: 01cc4eed53466dd0 Termination Time: 73

Error - 7/30/2011 5:00:51 PM | Computer Name = YolaB | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 5.0.0.4183 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17e4 Start Time: 01cc4efbbc6bb960 Termination Time: 172

[ System Events ]
Error - 7/28/2012 7:45:19 PM | Computer Name = YolaB | Source = Service Control Manager | ID = 7022
Description =

Error - 8/3/2012 10:27:45 PM | Computer Name = YolaB | Source = Service Control Manager | ID = 7000
Description =

Error - 8/3/2012 10:27:45 PM | Computer Name = YolaB | Source = Service Control Manager | ID = 7026
Description =

Error - 8/3/2012 10:32:39 PM | Computer Name = YolaB | Source = Service Control Manager | ID = 7000
Description =

Error - 8/3/2012 10:32:39 PM | Computer Name = YolaB | Source = Service Control Manager | ID = 7026
Description =

Error - 8/3/2012 10:37:00 PM | Computer Name = YolaB | Source = Service Control Manager | ID = 7000
Description =

Error - 8/3/2012 10:37:00 PM | Computer Name = YolaB | Source = Service Control Manager | ID = 7026
Description =

Error - 8/4/2012 12:40:03 PM | Computer Name = YolaB | Source = Service Control Manager | ID = 7000
Description =

Error - 8/4/2012 12:40:03 PM | Computer Name = YolaB | Source = Service Control Manager | ID = 7026
Description =

Error - 8/4/2012 9:06:03 PM | Computer Name = YolaB | Source = DCOM | ID = 10010
Description =


< End of report >

Step 3: A file wasn't produced when I ran OTL. When it hit the emptytemp command, I let it sit and when I returned to it about 15 minutes later, it was "Not responding". It did that twice.

Step 4: Attached to the post.

Step 5: Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Yola :: YOLAB [administrator]

8/5/2012 9:43:07 AM
mbam-log-2012-08-05 (09-43-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209040
Time elapsed: 16 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-3575403344-3258026585-3421331224-1004\$RT8374G.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Yola\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)


Thank you!

  • 0

#17
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hello joyo8822. NPE didn't even show the details of what it did... how lame that program sucks. Your extras looks good save this:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

Are you aware of these security center settings? They disable warnings about automatic updates, internet security settings, and user account control. I noticed you have an out of date Java and Adobe Reader. I will give you instructions to update these programs. Also we will now try OTL emptyflash and emptyjava instead of emptytemp and see if we succeed. Emptyjava ought to get rid of the Java exploits Kaspersky Security Scan found. Your Kaspersky Security Scan log looked good save the Java exploits. Also MBAM log looked good too. Please do the following:

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    [EMPTYJAVA]
    [EMPTYFLASH]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) link to download Java
  • Run the installer
  • Close JavaRa

Step 3

Upgrading Adobe Reader:
  • Go to Start Menu --> Control Panel --> Programs and Features
  • Scroll to and select the Adobe Reader entry
  • Click Uninstall
  • Follow the instructions
  • Go to this site: http://get.adobe.com/reader/ or this one for Foxit Reader (I prefer Foxit - it is less targeted by malware and allows pdf form editing)
  • Download and install the newest Adobe Reader (or Foxit)

Things to see in your next post:
OTL fix log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)

  • 0

#18
joyo8822

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Josh

NPE is awful...I wish I never used it. I checked my Windows security settings and everything said "on" so I'm kinda curious why it said they were all disabled? I installed all the updates...thanks!

Here's the OTL log:
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Yola
->Java cache emptied: 55618339 bytes

Total Java Files Cleaned = 53.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Yola
->Flash cache emptied: 1090238 bytes

Total Flash Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08052012_221550
  • 0

#19
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi joyo8822. G2G has no means of accepting donations since it is self-supporting. I cannot accept donations because I am still in training to become a malware removal expert. My instructor, however, who makes it possible for people like me to help people like you and who also does disinfections on his own time, would love a donation. Here is his donation link.
On the other hand, the java/flash empty commands worked great. We will now fix your security center notification settings and then we are done with disinfection! :) By the way the security center settings simply disable notifications not monitoring. Please do the following:

Step 1

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UacDisableNotify" = DWORD:0
    "InternetSettingsDisableNotify" = DWORD:0
    "AutoUpdateDisableNotify" = DWORD:0
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)

Step 3

  • Run OTL
  • Click the None button
  • Select the Use SafeList option in the Extra Registry section
  • Then click the Run Scan button at the top
  • Let the program run unhindered
  • Then post the produced log (Extras.txt in the same directory as OTL)

Things to see in your next post:
OTL fix log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
extras.txt

  • 0
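
The before/after comparison that this fix relies on, written out as an added example (not part of the original thread and not OTL's own code): a Python parser for the bracketed-key blocks of an OTL Extras log and the REGISTRY lines of an OTL fix log. The log excerpts are copied from this thread; the function names and the state labels ("suppressed", "enabled", "missing", "unreadable") are assumptions of this example.

```python
import re

SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
# The three values flagged in the thread; per the helper, 1 turns the warning off.
NOTIFY_VALUES = ("UacDisableNotify", "InternetSettingsDisableNotify",
                 "AutoUpdateDisableNotify")

KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")        # greedy: OTL key names may contain ']'
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
FIX_RE = re.compile(r'^(HKEY_[^"]+?)\\\\"([^"]+)"\s*\|\s*(\S+)\s*/E\s*:\s*(.*)$')

# Excerpts copied from the logs posted in this thread.
BEFORE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
'''
FIX_LOG = r'''
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UacDisableNotify" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"InternetSettingsDisableNotify" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AutoUpdateDisableNotify" | DWORD:0 /E : value set successfully!
'''
AFTER = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
'''

def parse_otl_registry(text):
    """Return {key_path: {value_name: data_string}} for every [HKEY_...] block."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):      # a section banner closes the open block
            current = None
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return keys

def notify_state(keys):
    """Classify each notification value under the Security Center key itself."""
    sc = keys.get(SECURITY_CENTER, {})
    state = {}
    for name in NOTIFY_VALUES:
        if name not in sc:
            state[name] = "missing"
            continue
        try:
            state[name] = "suppressed" if int(sc[name]) else "enabled"
        except ValueError:                     # e.g. "Reg Error: ..." in the log
            state[name] = "unreadable"
    return state

def fix_log_results(text):
    """Map value name -> True if the fix log reports the write succeeded."""
    results = {}
    for raw in text.splitlines():
        m = FIX_RE.match(raw.strip())
        if m and m.group(1) == SECURITY_CENTER:
            results[m.group(2)] = "value set successfully" in m.group(4)
    return results

def verify_fix(before_text, fix_log_text, after_text):
    """List every value that was suppressed and is not confirmed fixed."""
    before = notify_state(parse_otl_registry(before_text))
    after = notify_state(parse_otl_registry(after_text))
    applied = fix_log_results(fix_log_text)
    problems = []
    for name in NOTIFY_VALUES:
        if before[name] != "suppressed":
            continue                           # nothing needed fixing
        if not applied.get(name):
            problems.append(f"{name}: no success line in the fix log")
        if after[name] != "enabled":
            problems.append(f"{name}: {after[name]} in the follow-up scan")
    return problems

if __name__ == "__main__":
    print(verify_fix(BEFORE, FIX_LOG, AFTER) or "all three notifications re-enabled")
```

The parser keeps each subkey separate, so the `DisableMonitoring` value under `...\Security Center\Monitoring` is never mistaken for one of the notification values on the parent key.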

#20
joyo8822

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Josh

Great! I'll also let him know that you did a great job. :)

Step 1: Done

Step 2:
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UacDisableNotify" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"InternetSettingsDisableNotify" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AutoUpdateDisableNotify" | DWORD:0 /E : value set successfully!

OTL by OldTimer - Version 3.2.55.0 log created on 08062012_223012

Step 3:
OTL Extras logfile created on: 8/6/2012 10:43:44 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Yola\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 53.19% Memory free
6.12 Gb Paging File | 4.60 Gb Available in Paging File | 75.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 187.74 Gb Total Space | 44.49 Gb Free Space | 23.70% Space Free | Partition Type: NTFS
Drive D: | 30.39 Gb Total Space | 14.97 Gb Free Space | 49.28% Space Free | Partition Type: NTFS

Computer Name: YOLAB | User Name: Yola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{287EEDB7-ABFE-4B10-AAC6-136476E7949E}" = lport=139 | protocol=6 | dir=in | app=system |
"{3327E860-5EDD-4A98-835F-EDDF7183D3CC}" = lport=137 | protocol=17 | dir=in | app=system |
"{3CB26806-EA51-43EF-B3F7-E7812A31CE64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4F9202C7-73BF-4236-9C4C-17B57B37B769}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5036653D-22AA-4205-8F11-B742389F9C81}" = rport=138 | protocol=17 | dir=out | app=system |
"{52F59AF2-1D23-4C48-8CAA-9A8A0200D4EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{55CAAC19-B4B3-407A-A9B2-08A3F9304EF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{970555B2-0552-4E98-B26D-0390D2C60972}" = rport=445 | protocol=6 | dir=out | app=system |
"{B3FC61AC-B3CE-4AB5-9642-24411C5CD50A}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCA31437-6569-4B3E-968A-B64D17C60DC1}" = lport=138 | protocol=17 | dir=in | app=system |
"{C7DD2EA2-AF0B-4E4F-94E7-A50DF530A751}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{DBFA7604-EA16-44D7-9F54-D43C77A02C84}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{E899B2D8-2CA2-45E5-B165-E0E2F566B41E}" = lport=445 | protocol=6 | dir=in | app=system |
"{F18DF747-884D-4228-B1A5-118C7800DFDC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0064FE3C-646C-4807-9222-B181F7EB7CCE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{07440DC5-BE71-4129-8A73-B20633C47F52}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{085E6773-F963-4A5F-A79F-33B5B4246FFA}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{0BE8A247-E5F2-4116-B321-28F592A56484}" = protocol=17 | dir=in | app=c:\program files\roxio\roxionow player\rnowshell.exe |
"{0CB3E76A-5E48-47D1-98D3-149471FAAAF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0DC0DA4C-B724-40A2-9911-29B38F06466F}" = protocol=58 | dir=out | [email protected],-28546 |
"{17A79FFD-AF02-478E-9A65-CE95285D6C3F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{1CBF100E-5E88-41E1-A951-C157D693450E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{1EB38C67-0F2E-4472-8E95-4A455FD9F58E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2460AAE9-A1B7-4DC3-81BC-CBAF62FF24C4}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{24CBEAD1-84A6-4DE8-AAB3-3AC92C101C08}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{2A050074-8CCF-48F1-AD74-973ECD346404}" = protocol=6 | dir=in | app=c:\users\yola\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{2D3453B0-429F-47EF-B606-D01CEA52BB6F}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{2F6870F2-94AA-44A5-8C15-57C0DEE3DC96}" = protocol=1 | dir=out | [email protected],-28544 |
"{312D8B76-8C72-4C87-B129-68EFB6205751}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{31831A69-631E-4DD5-9BFB-3B783485F3EF}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{36482F8A-22E0-4EAE-B29C-00C4AA94DF2F}" = dir=in | app=c:\program files\lenovo\readycomm\filereceiver.exe |
"{38302420-224A-4B7B-9939-E3AB4992E793}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{396A2E18-F648-4999-AC46-41CB298937B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{3AC921D4-DC92-4A52-93DB-E7F17DB43BD6}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{3CAC90AF-E80B-4054-893D-65CA1C518082}" = protocol=17 | dir=in | app=c:\users\yola\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4130A829-2414-4688-B2A4-31523BE4DBD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{422DD1BE-FEA2-4666-91EB-C73A54A3733A}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{43CEFDEF-3451-4047-8E78-022012048B14}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{4725D173-BA19-4637-9FFB-7A4AA4F17785}" = protocol=6 | dir=in | app=c:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe |
"{4D8C8B1E-50C8-4B81-826F-1ADD52EF43C9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4E02C23C-9F16-498E-A139-A2E0BD246013}" = dir=in | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{51BFC52C-2AEF-4E0C-A75B-B511AB8916EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A132EFA-0A36-4250-98C3-9610ADC8B7C5}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{5AC0BD08-C4A7-42ED-A293-FE8291763525}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{5B3E6D0B-76E4-4F52-B1CA-FFD28CF4D45F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B535569-E9D6-4401-9B38-BD8EC4D989EE}" = protocol=17 | dir=in | app=c:\users\yola\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{70134804-AD63-46B4-A6FC-2E18DC371A7C}" = protocol=6 | dir=in | app=c:\users\yola\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{756C2B8C-EB4A-4F6A-ACC0-AC7AD8D6661D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78019905-88F8-40A6-A4BA-C27E104A5778}" = protocol=6 | dir=in | app=c:\users\yola\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{81A6173F-0372-473D-B84E-D1A2F7AE40CB}" = protocol=58 | dir=in | [email protected],-28545 |
"{8D03786B-C3D1-4D9F-A5F3-837CCBB1CC20}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8DED26A8-CFB0-44DF-A464-CB2EFF5B4EDF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{91ACACCE-5E19-41DD-BD64-F52F06EEBFF3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{937A8660-88A5-4906-9154-F80DA5FDE7E6}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{9618AAC7-0E45-429E-BF0E-278F573C07B9}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{995DC63A-2E94-494B-84A1-04572894B0EA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{9C4FE00A-1C0C-4B1E-B8E8-93B61AE5F77E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{9CC46088-3CF5-4711-9F79-F116EC9AD7DF}" = protocol=1 | dir=in | [email protected],-28543 |
"{9F804DD1-8405-4D04-99AF-5192AF8C3C60}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{9F898DDC-973A-4CFD-B83D-76332C9A3022}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{A20800E5-8727-4721-A7F8-61C4F7F04F62}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A25BDF97-ED45-4155-8262-0B44A82E10F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{A6899EC0-FF32-4FB0-B5C3-88CA9A9C3129}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A74B32BD-20AF-4266-805D-CBDEE1B97313}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{AAEF7CFF-50CD-491D-92AE-4E64A3D4516E}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{AD285648-DECA-415F-9CBB-488667DF0DFF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{AE31C587-6831-4FBF-BFD1-215D6B91F7EF}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{B021E9DA-0875-4AA1-9886-97EDA1542A53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B710B5BE-1832-48D3-9CD3-0279819464F6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B914E317-A891-410C-8AD6-6F4538A14899}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{BAE62A87-E5A1-43D4-ABB4-834A5415A57E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{C213CE58-E5F6-43AA-8E8A-9E5B387B0E6F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{C43E8F5F-A957-4D6F-B59B-71F5EE52609E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{C48F3993-EECB-4336-8764-50D1829A69EB}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{C6C91CBB-6F3B-4885-9949-64259EA31A04}" = protocol=17 | dir=in | app=c:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe |
"{CDADC98B-6586-4B9C-A232-D7268340DE01}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{CE776177-1FDD-4111-89E1-49B9401E3042}" = protocol=6 | dir=in | app=c:\program files\roxio\roxionow player\rnowshell.exe |
"{D1982428-4B19-4AD6-A7B3-47F7A7477772}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D34F6D21-25A4-45C6-A4C5-B2AFC5AA256F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D4420A45-08EA-4FE9-A46D-23FE17E237D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{E7E36240-552C-46A7-93EC-5EE4159CC94A}" = dir=out | app=c:\program files\lenovo\readycomm\filereceiver.exe |
"{F2B5F6DB-8926-478B-B315-67C7474A3DB4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F4AEECA7-3A29-4A20-A887-E70A538125B8}" = protocol=17 | dir=in | app=c:\users\yola\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{F5B3A53C-3B79-4AD3-B02A-2171342AC1FC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{F9D2FC3E-2819-427B-A39A-24293F015657}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{FABB8E81-E859-4977-BAA1-B567F61381EE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FBEE8AD8-67DF-4E5D-AE4B-16E5FE358258}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{FC3861BB-4E7F-4A14-9D01-F82D91DE72F4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{FDEDD6A6-78F2-490B-8459-D70260A9563F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FFC9693B-0E63-4E2F-94C9-AEC844ABBF71}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"TCP Query User{32636143-D98D-4713-A202-5DCDA043A291}C:\users\yola\brosix\brosix.exe" = protocol=6 | dir=in | app=c:\users\yola\brosix\brosix.exe |
"TCP Query User{489FE911-6CB5-44FB-ADE4-CB4DB0BEA343}C:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4CA90724-BF85-4E7B-A80D-B52757271CF3}C:\users\yola\brosix\brosix.exe" = protocol=6 | dir=in | app=c:\users\yola\brosix\brosix.exe |
"TCP Query User{500BC777-FE11-4039-BB2D-8070C0192412}C:\users\yola\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\yola\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{ABC9BC33-3572-458E-B427-B62A6EFFB670}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{B6049A40-2692-4497-99CC-A54DDDADAA4C}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{CA25617E-4264-4402-AF48-96E8819CEAA0}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{03AA2575-D868-4E0A-A8F6-32E2CB179ABC}C:\users\yola\brosix\brosix.exe" = protocol=17 | dir=in | app=c:\users\yola\brosix\brosix.exe |
"UDP Query User{2E35E13C-CCF7-461D-BD1A-3CD24B982831}C:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\yola\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{88115475-B379-4D40-8910-915C1AA3579F}C:\users\yola\brosix\brosix.exe" = protocol=17 | dir=in | app=c:\users\yola\brosix\brosix.exe |
"UDP Query User{9D6CDA6E-9FD6-4E5A-8054-4CAA4B8478C7}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{A6CBD210-CBAD-468B-9D11-6AD9AA3674B5}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{D8B8F1EB-12E2-448E-95C2-9371B65F6731}C:\users\yola\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\yola\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{E2856C2B-E6CC-4BBF-B5F7-220B1E2E50C1}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{26E9EE62-5517-4C46-8B6E-B7C9A0A95D66}" = SWelCntr
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6549AA0C-6D93-4E76-9A13-6A6A0AA4FD6D}" = TaxCut California 2008
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99041921-18B5-4d36-9729-BE5A671B1932}" = D4200
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FBDF580-E37F-4DEE-8F2E-75A8E8716AAD}" = H&R Block California 2010
"{9FE94C17-25AD-4142-A012-E0BBE923C711}" = D4200_Help
"{A23E5590-6799-437B-9723-2627BA800B6F}" = Dolby Control Center
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C200A620-DD82-42A9-9A32-2CDA92914DCB}" = O2Micro Flash Memory Card Reader Driver (x86)
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}}_is1" = Invoke Solutions Participant 6.2.0.1452
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"ArtistScope Plugin FX 424.2.0.0" = ArtistScope Plugin FX 42
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG" = AVG 2012
"BitTorrent" = BitTorrent
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup" = DivX Setup
"EasyCapture3.0" = EasyCapture
"ENTERPRISER" = Microsoft Office Enterprise 2007 Trial
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader_is1" = Foxit Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PeerGuardian_is1" = PeerGuardian 2.0
"Soulseek2" = SoulSeek 157 NS 13e
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2011" = TurboTax 2011
"VeriFace III" = VeriFace III
"VLC media player" = VLC media player 0.9.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Brosix" = Brosix
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2011 9:38:19 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2011 10:50:48 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2011 10:59:23 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2011 11:13:21 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2011 12:46:09 AM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2011 1:06:36 AM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2011 5:41:43 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2011 8:19:10 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2011 12:16:44 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

Error - 7/25/2011 10:43:21 PM | Computer Name = YolaB | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/6/2012 1:16:43 AM | Computer Name = YolaB | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/6/2012 1:16:43 AM | Computer Name = YolaB | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/6/2012 1:16:43 AM | Computer Name = YolaB | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/6/2012 1:16:43 AM | Computer Name = YolaB | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/6/2012 1:16:43 AM | Computer Name = YolaB | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 8/6/2012 1:17:26 AM | Computer Name = YolaB | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 8/6/2012 1:23:04 AM | Computer Name = YolaB | Source = Service Control Manager | ID = 7000
Description =

Error - 8/6/2012 1:23:04 AM | Computer Name = YolaB | Source = Service Control Manager | ID = 7026
Description =

Error - 8/7/2012 12:56:02 AM | Computer Name = YolaB | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 8/7/2012 12:56:12 AM | Computer Name = YolaB | Source = DCOM | ID = 10010
Description =


< End of report >

#21
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Now that we're done scanning for and disinfecting malware it's time to clean up.

Please use your computer a couple hours at least and make sure there are no remaining symptoms. If there are no symptoms proceed with the following instructions. One final step to take in disinfecting your computer is to purge all system restore points. This ensures that you will not get reinfected by files hiding in the system restore points. To do this follow these instructions:

  • Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [ClearAllRestorePoints]
  • Then click the Run Fix button at the top
  • OTL may ask to reboot the machine. Please do so if asked.
  • Post the log it produces in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run. Make sure to grab the contents of this file before following the cleanup procedure described next.

You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus. Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your convenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program
Another program to add additional protection is Spybot Search and Destroy. It works similarly to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer install it then do the following regularly at your convenience (once a week is adequate):
  • Run Spybot S&D
  • Click "Search for Updates"
  • Click "Continue"
  • Click "Download" - ignore if it says "please select some update files from the list first"
  • Click "OK" in update window if it prompts you
  • Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
  • Go back to Spybot main window
  • Close Internet Explorer/Firefox/Chrome if they are open
  • Click "Immunize"
  • Wait for the progress meter to complete
  • Click the "Immunize" button with the plus sign next to it towards the top of the window
  • Wait for the progress meter to complete
  • Close the program
And one last program to add additional protection is Panda USB vaccine. This program disables the autorun file on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly including Windows Updates. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. Updates close these holes. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated.

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use an alternative browser to Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to back up your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:
By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh

#22
joyo8822

    Member

  • Topic Starter
  • Member
  • 11 posts
Hi Josh

Once again thanks for your help!

Here's the OTL log

========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 08092012_163917

#23
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
My pleasure :)
Take Care,
Josh

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.