Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

weird start up issues possible infection?


  • Please log in to reply

#16
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
So I was infected, huh? bad? (not good obviously,lol)

Thanks AGAIN!!



cms is my dvr software (I think)



this is the org otl extras, the other one is posted above (I think)post 4?

OTL Extras logfile created on: 7/20/2011 1:22:30 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\DAVID CREIGHTON\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 72.57% Memory free
5.09 Gb Paging File | 4.35 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.39 Gb Total Space | 237.77 Gb Free Space | 51.42% Space Free | Partition Type: NTFS
Drive D: | 1.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOSSSILVERDELL | User Name: DAVID CREIGHTON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"30630:TCP" = 30630:TCP:*:Enabled:InstaCode

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1214860790\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1214860790\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe" = C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein™ -- (Activision)
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe" = C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein™ -- (Activision)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Kaba\E-Plex PC M-Unit\EplexPCMU.exe" = C:\Program Files\Kaba\E-Plex PC M-Unit\EplexPCMU.exe:*:Enabled:EplexPCMU -- (Kaba)
"C:\Documents and Settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\DAVID CREIGHTON\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\DAVID CREIGHTON\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0139C350-2428-442E-A6E6-86A940D4731C}" = E-Plex PC M-Unit
"{02C91E12-74A4-45E1-9D3F-C3DD7D6FECAE}" = 5700_Help
"{02F389EC-AB95-11D6-B455-00E0987E9E9E}" = MYOB Plus V12
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0B99A5A6-6975-45AE-A8DA-96AFF5A449C5}" = Zed-BULL
"{0E92A5AC-05AB-48c2-9227-9AD504EAF4EA}" = J5700
"{11655C91-EF58-4aab-BF09-E8F205324FBF}" = BPDSoftware
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 26
"{27B1EB20-36B9-11DF-6784-088ACD3A18BE}" = InstaCode
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3B7CB2D7-A03E-4E79-9DC5-273F8C0B3957}" = KeylessRide Learn and Burn
"{3BAD2D97-4900-4014-A2F5-B549802CEEE2}" = Macrium Reflect - Free Edition
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D30BAC1-C250-4F10-9C78-C379D05A445E}" = BPDSoftware_Ini
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47836D49-8220-4B40-AC4D-E68F556410A3}" = Learn and Burn
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{58BEE9AE-625D-4177-BC5E-E6E0794C092E}" = MaxiLink
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{67A9CA2E-0B69-441E-B1EB-A316ADE20C2F}" = Zed-BULL
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68473A08-3E46-4B25-9739-D01AA9D8F99A}" = Locksmith Connect
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E28E0D2-4DDA-4CEB-9E83-ACAD71D6E068}" = Laser Security Products
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3723EB8-255B-4A2D-9831-0752C0D06FF6}_is1" = EssentialFax
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B929776E-7527-4F98-AE4D-BEBCF0BEA669}" = BPD_HPSU
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D3304BE8-FDA7-4465-A8E8-40BE991C5054}" = AD Loader
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F2CA5A0D-5F2F-4d99-89F0-2D1358218A7A}" = ProductContext
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"23C892DBF52DDAF3C9BD2BB6E9805E79FCD09A67" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"6D84083A905912F21439B4047066CCFB1F92952D" = Windows Driver Package - Advanced Diagnostics AD100 Pro Driver Package (05/19/2006 2.00.00)
"6FE4FC1EDCCFB197DD24DA48D73FA015278374E6" = Windows Driver Package - Advanced Diagnostics AD100 Pro Driver Package (05/19/2006 2.00.00)
"A2E63BDAC649E514867CB43CE0B4F9DB111206C2" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"Carbonite Backup" = Carbonite
"CMS" = CMS
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Cool Timer_is1" = Cool Timer 3.6
"Creative OEM005" = Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
"EPSON Printer and Utilities" = EPSON Printer Software
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EWSED" = EWS Editor
"Excel" = Microsoft Excel 97
"FD866F46E980111F9F25187AD216EECEC4BA44B4" = Windows Driver Package - Advanced Diagnostics AD100 Pro Driver Package (11/16/2010 2.08.08)
"FTD2XX" = FTDI FTD2XX USB Drivers
"FTDICOMM" = FTDI USB Serial Converter Drivers
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Officejet All-In-One Series" = HP Officejet All-In-One Series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstaCode" = InstaCode
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"Jewel Quest" = Jewel Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MYOBPlus" = M.Y.O.B. Plus
"NAVIGON Fresh" = NAVIGON Fresh 1.4.9
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pagis Viewer 2.0" = Pagis Viewer 2.0
"PROSet" = Intel® PRO Network Connections Drivers
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"RKSFaxVersion1_is1" = RKS Fax
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = Autotel
"Strattec" = Strattec 2.0
"Strattec Part Search" = Strattec Part Search
"TrueCrypt" = TrueCrypt
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.1.0.366
"LastPass" = LastPass (uninstall only)
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/9/2011 5:01:33 PM | Computer Name = BOSSSILVERDELL | Source = Application Hang | ID = 1002
Description = Hanging application aim.exe, version 7.5.8.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/18/2011 8:17:09 AM | Computer Name = BOSSSILVERDELL | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - Error performing inpage operation.
for C:\Documents and Settings\DAVID CREIGHTON\ntuser.dat

Error - 7/18/2011 8:17:42 AM | Computer Name = BOSSSILVERDELL | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - Error performing
inpage operation.

Error - 7/18/2011 8:17:42 AM | Computer Name = BOSSSILVERDELL | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 7/18/2011 8:18:13 AM | Computer Name = BOSSSILVERDELL | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 7/18/2011 11:29:04 AM | Computer Name = BOSSSILVERDELL | Source = Application Hang | ID = 1002
Description = Hanging application pspa.exe, version 4.0.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2011 12:17:13 PM | Computer Name = BOSSSILVERDELL | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW(
\\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Error - 7/20/2011 12:44:31 PM | Computer Name = BOSSSILVERDELL | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW(
\\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Error - 7/20/2011 12:49:48 PM | Computer Name = BOSSSILVERDELL | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW(
\\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Error - 7/20/2011 12:55:12 PM | Computer Name = BOSSSILVERDELL | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW(
\\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

[ OSession Events ]
Error - 6/20/2011 1:01:52 PM | Computer Name = BOSSSILVERDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 920
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/20/2011 12:55:17 PM | Computer Name = BOSSSILVERDELL | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/20/2011 12:55:17 PM | Computer Name = BOSSSILVERDELL | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/20/2011 12:55:17 PM | Computer Name = BOSSSILVERDELL | Source = Service Control Manager | ID = 7031
Description = The CarboniteService service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/20/2011 12:55:17 PM | Computer Name = BOSSSILVERDELL | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/20/2011 12:55:17 PM | Computer Name = BOSSSILVERDELL | Source = Service Control Manager | ID = 7034
Description = The IC Data Server service terminated unexpectedly. It has done this
1 time(s).

Error - 7/20/2011 12:55:18 PM | Computer Name = BOSSSILVERDELL | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/20/2011 12:55:18 PM | Computer Name = BOSSSILVERDELL | Source = Service Control Manager | ID = 7034
Description = The Sentinel Protection Server service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/20/2011 12:55:18 PM | Computer Name = BOSSSILVERDELL | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/20/2011 12:55:18 PM | Computer Name = BOSSSILVERDELL | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/20/2011 12:57:54 PM | Computer Name = BOSSSILVERDELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.


< End of report >
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
I don't really know for sure. I googled a few of the things that Combofix removed and they don't look dangerous. Could just be a drive error but it wouldn't hurt to run an ESET online scan:
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


We can check your drive and a few other things:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Judging from your event log you probably should install:
UPHClean as instructed here: http://support.microsoft.com/kb/837115


Ron
  • 0

#18
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
Ron, You've been great, really appreciate all your help. I'm gone for today, but will continue with this last post tomorrow.

THX Again, Dave
  • 0

#19
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b204be1908f01f47bdfcb9127ab7e955
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 04:15:34
# local_time=2011-07-21 12:15:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 0 22360167 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=233541
# found=0
# cleaned=0
# scan_time=9630
  • 0

#20
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
"start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)"

I got about 15, newest one is 2 years old- ftlang.dll, 11 of the 15 appear to be related to my rksfax program or my hp printer/all in one software.
3 from 2006- ftbusui.dll, ftd2xx.dll, ftdbus.sys
  • 0

#21
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/07/2011 9:14:07 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/07/2011 5:03:49 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/07/2011 6:42:43 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
  • 0

#22
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/07/2011 9:16:09 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/07/2011 4:33:52 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 4:15:06 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 4:13:02 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 4:11:42 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 4:10:21 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 4:02:00 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 3:41:26 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 3:28:21 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 3:00:12 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 2:58:06 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 2:54:19 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 2:47:18 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 2:30:43 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 1:28:58 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 1:17:00 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 1:07:27 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 1:05:13 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 12:58:06 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 12:56:44 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

Log: 'Application' Date/Time: 21/07/2011 12:47:20 PM
Type: error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error GetVolumeNameForVolumeMountPointW( \\?\Volume{a7617081-3b65-11e0-8b2b-00038a000015}\, ...). hr = 0x80070003.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#23
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
OK Ron, I've done all you specified. Once system is up & running it seems fine, always did. But original issue of long restart/ lag, is not changed. upon restarting, goes thru all the normal steps but when desk top comes up, it just lags there for a few minutes, actual time from shut down to icons actually popping up is 5-6 minutes, I know does'nt sound like much, but seems like forever, and originally I thought that it was just locked up there, but icons do start poping up eventually, much longer time than any of my other computers.

thanks for your help
dave
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
Start, Run, msconfig, OK

Under Services uncheck Volume Shadow Copy Service, CarboniteService, and also uncheck Roxio Hard Drive Watcher 9 then Apply. Under Startup uncheck Carbonite Backup, apply and reboot. Cancel msconfig when it comes up. Does it start faster?
  • 0

#25
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
Yup, You nailed it. Like a 1 min restart. So if I want the carbonite backup to work I gotta live with it I guess?
THX, Dave
  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
Not really. It's the VSS service that is not working correctly. I've seen reports that your TrueCrypt program and VSS don't get along so you might try uninstalling it then turn VSS and Carbonite back on and reboot and see if that helps.

Ron
  • 0

#27
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
"TrueCrypt program and VSS don't get along so you might try uninstalling it then turn VSS and Carbonite back on and reboot and see if that helps."

VSS?? I don't know what that is? you want me to uninstall truecrypt? as well as Vss? or just truecrypt?
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
VSS = Volume Shadow Copy Service in Microsoft-speak. It's what they call it in the event logs.

Yes I think you need to try uninstalling TrueCrypt but I suppose you would need to unencrypt things first:

http://www.truecrypt...lling-truecrypt
then click on How to Remove Encryption

as it is probably the encrypted volume that is driving VSS crazy. I don't know much about VSS (nor TrueCrypt for that matter - I'm the malware guy). Perhaps there is a way to tell it not to try to backup the encrypted volume which I assume is Volume{a7617081-3b65-11e0-8b2b-00038a000015} instead of uninstalling TrueCrypt.

You might work your way through:

http://backupchain.c...leshooting.html

and see if that helps.

Ron
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
Since the malware issue appears to be resolved I'm going to give you the cleanup routine before I forget:

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You have the latest Java (Java™ 6 Update 26). But go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 7

If we haven't already done so please clear the Java Cache per:
http://www.java.com/...lugin_cache.xml

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you can download and run the UpdateChecker:
http://www.filehippo.../updatechecker/ (You don't need to download the Beta versions and if it shows a program you don't use just uninstall it. (Don't think you can uninstall MSN messenger easily but if it doesn't run at startup then don't worry about it.)


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#30
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
IS VSS & carbonite the same thing? I dont see anything called VSS

I can't seem to be able to find anyway to uninstall truecrypt, it's not listed in my add/remove program list & I don't see any uninstall option. I'll go on thier website & try to figure it out.

OK at least I know the system is uninfected, and we tweaked it pretty good.

Do you think there's any danger to the system if I can't figure out or solve the actual problem we're having with what you suspect is the issue with VSS (still unclear about this?? :< ) & Trucrypt? ie just live with the lag?

Thanks for all your help, I made a donation to the website this morning, you guys have saved my a** multiple times & I appreciate it.

DAve
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP