Jump to content
dangerpay

XP Anti Virus 2011 - Removed but issues remain

Recommended Posts

OTL Extras logfile created on: 6/5/2011 10:57:25 AM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Agnes\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.02% Memory free

8.20 Gb Paging File | 6.14 Gb Available in Paging File | 74.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.39 Gb Total Space | 20.69 Gb Free Space | 7.27% Space Free | Partition Type: NTFS

Drive D: | 13.70 Gb Total Space | 2.06 Gb Free Space | 15.01% Space Free | Partition Type: NTFS

Computer Name: AGNES-PC | User Name: Agnes | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 21 67 AA EA D8 6A CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01E311DC-08B8-4707-A9DE-31B90FB35B0E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{04EE5A26-F428-40F4-BC9E-11FE28811A08}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{075ACB47-BC7C-4021-BD0B-AB3B4727D35C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{0EB8618C-305E-4F8D-BB99-8A678825A675}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{1274467E-4BA8-46FA-BE03-02BCBBFD7C4D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{16E5E3FE-EA31-41A7-A2F7-E76C24425EAE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{20829C54-8684-4BD8-9061-8676D8632EBC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{24F79A54-6B4A-47FE-B6B8-6C07726254B3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{25443015-96ED-4AEE-83AC-E03F251A7034}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{26ADDFA1-865D-4A96-8360-D7636FC4E8D8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{26EAA751-090C-484A-B7B2-81BE1CFD5D14}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2CF68474-356E-439B-8F19-473F95058291}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{326C2DDA-C746-41B0-9A43-C558E66347D2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{37B120E0-3B50-4DA4-9D59-D39B174929F2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{45B22D60-65DE-4F60-9A5B-22D8FD335520}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{45D8F279-0A44-4E3A-A11D-ACB3ADB6B411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{49772B93-1E38-4BD9-A146-D8458215BC26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4AC061ED-B467-4B6B-9D83-13E244BD192A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{4F79D016-6648-43BD-8B4E-9DBA75E49EA9}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{539E6DB2-4C0D-4A44-920C-AA9754F927FF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{5637967A-22C2-4CEE-A580-E5B06BF7F572}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{564983DC-9C2B-4804-BD08-00FF938D4CFA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{5E0379E2-79D5-4BAD-AF20-0BE13CB73530}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6350E2AF-127D-4E96-9932-6DBDA6140BE9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{65A79AEE-4A64-4139-B9F8-1BA1B8A9BE4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{667DBF2C-B501-47A2-9D27-80EE7EFEC198}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{69A30B6D-CECC-42F4-94D7-C1BB702CFDDD}" = rport=445 | protocol=6 | dir=out | app=system |

"{6C081608-9E61-4DF2-A37C-F7925525834A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{6F44142F-59BF-4F7C-BD36-61898180CE51}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{7DDCE109-DC71-4BF2-96C0-020CE34CD46A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{7FEB13AE-C843-49EC-8C7E-64F227618D7D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{81242D63-7D7E-4954-B68D-E6124E5F96A1}" = lport=139 | protocol=6 | dir=in | app=system |

"{83BE884F-DBC0-48C9-86FE-2C7E2EABCF02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{84B5DDE1-CF87-453A-BE53-94E59EE5A8EC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{86227CE4-7DAF-47E3-8BA2-AC640CEB994F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{8746A9D6-2B70-4158-A01E-23FE2CCB7AE8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{8ACC2195-9D09-4D88-AC69-CBE00482F8FF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{8B9E04E6-1258-43D8-BC15-F0D3B2115D9B}" = rport=137 | protocol=17 | dir=out | app=system |

"{8BB07B8B-19B0-44B3-A2CE-6960325A1092}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{99057229-A84A-4788-AA69-E339C9915ABB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{9D5B70DE-8D52-4B9E-88AA-1CE4616A929C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9F2E1053-DB91-4FC2-A272-5B794D128502}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{ABD17D4E-EAD1-42CF-822E-9F7ED8DDF04A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{AF7081B0-1F11-4AF7-85E3-1ACAB7D1986C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B258741E-0430-42F1-A990-C79503FFA811}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{B35854CA-0E9D-48DF-8DD7-A37A81F4A798}" = rport=10243 | protocol=6 | dir=out | app=system |

"{B3FC0C49-64AE-4DA6-861B-4F326B4AA508}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{B636832B-BCF6-4EF0-BF04-95009B327B47}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{B7950C17-2DE9-41C0-A745-01A44118E198}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{B8625C6A-EF97-41DB-A738-580B329FEF79}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{B937933E-673C-4CCD-A845-846D3295F413}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{BA5DF797-3630-419B-BACB-7D1FDB2088B3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{BC9449F8-B9E9-4BFC-A7C6-93369A74DA21}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{C28AAA98-0295-444A-882D-A33B1FD5BA1D}" = rport=138 | protocol=17 | dir=out | app=system |

"{C59C5B58-462F-4EDE-BCAB-2AD3AF473660}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{C7BD7F12-6C9F-4A01-A03E-ED1F628A58AB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{C9303595-D5B5-4CFE-96B9-C2E0DB9ABE31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C96FA706-9EB9-4B31-A7C2-E36894E0F44A}" = lport=10243 | protocol=6 | dir=in | app=system |

"{C9C532EF-3FC7-4A08-A3AE-185665BFB99C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CAA23537-474D-453A-90B7-7BDB35E51002}" = rport=139 | protocol=6 | dir=out | app=system |

"{CB2E2F30-CE84-421A-9E4E-C046B1AA658D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{CB9BBF73-2016-4942-886A-5287CFCB536F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{CBBE7732-93A9-403A-83DE-8156294C0D75}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{CCDB6F60-838D-477C-AF1D-0D01A61F0C2F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{CF29C40A-A0F2-47D1-8D8A-BAAE542FCD2A}" = lport=137 | protocol=17 | dir=in | app=system |

"{D65966E1-C55D-438E-B35A-8EA923A0BCAB}" = lport=138 | protocol=17 | dir=in | app=system |

"{DD18CB39-22D4-4F83-9DA9-664DF71DA63F}" = lport=445 | protocol=6 | dir=in | app=system |

"{E299CF02-2935-4B1C-8C86-DB6E7A623BE0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{E2ED355C-A4BF-4FB4-9EB2-F61F21C69017}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E6712149-BE2D-4813-86AB-0747AD238784}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E7FA5397-8B5A-4189-AEE6-1F6E497E82DD}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{F128D1EA-AFFF-407F-A064-5CA261CB2DC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F2774F6E-0943-4447-99D1-9B720F1DA8D7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{F29539A7-A3C2-479A-B737-2D81DAA93327}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F32909F2-74E5-4179-895E-E74083261556}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{FC96D5D7-60FB-4E13-B780-89FF936CE01C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{009DD9C9-9294-42F3-9F60-8E17718D2830}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{01A262EF-6C82-4150-A456-469C59BC7BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{02784EA4-0C69-4603-8246-23283BD3D255}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{02F2BDBC-4BCC-4FE0-AAC0-D8E02423F39C}" = protocol=17 | dir=in | app=c:\users\agnes\appdata\local\temp\7zs7187.tmp\symnrt.exe |

"{035D9583-BEA8-459D-B621-08657DD433CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{0BDF1A49-FFE6-4402-9C96-A530A806D4E6}" = protocol=17 | dir=in | app=c:\users\agnes\appdata\roaming\dropbox\bin\dropbox.exe |

"{0DE35E95-AAF7-4E09-BD5E-0A5C60F9B277}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{12756D8F-F719-4AC2-A9A0-FE38F1DFBD36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{189FC89A-031B-43ED-ADEF-E98E1FAB3423}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{194E2E04-3D34-4678-A878-BAFDB32EE5E0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{1AE54BA8-1B10-4D60-8D8A-BCE0EABFF7BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1C707ECF-D83B-4B09-8858-2ED5DC2B7FE9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{2471607B-561F-4160-9487-2FC6E2A88E51}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{250B1210-F8D6-4FD5-8369-B2B4428A1CDA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{308821F1-ABF0-428E-87E7-ABC8EE695A34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{31D46EF4-DC11-425D-81A2-7F881863320B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{3258B23D-9294-47F7-AAD7-5E207F9A1570}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{32970161-E467-40C0-A0BC-22F9C530E58A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{388538C3-C54A-45C9-BD28-5BFC6AEE6CE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{38A377A9-A8A9-44F2-8A96-09CE26429B46}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{3D522D1A-E6E6-41A6-8332-918DA45B1502}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3F104726-95A4-467D-9C1E-039AA0762AD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3FE774E2-CE5D-47C4-90A0-273F500F2768}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{40563AC2-CC4E-43E3-AF43-3B2E3B7B7D08}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{42F729C2-BCA5-4182-8DBF-01061D0BEF20}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{4499690F-ED8F-4D59-8A16-E63F9EF02D33}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{47599FC9-A31D-4C4E-82D3-F998A4F630FB}" = protocol=6 | dir=in | app=c:\users\agnes\appdata\local\temp\7zs7187.tmp\symnrt.exe |

"{4C15FF3F-7B8E-45E9-B5F0-CD701A5FC0A8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |

"{4DED727F-8859-40D5-AB4C-A49757EEB5BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{4E5D1037-456B-486F-8153-37F64E4673BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{525E1CF3-A3B8-4F4F-9FB5-680FF14C4EFB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{572FC6AF-4B18-43E9-AB13-DE772C3DCC82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{5A7BCDD4-AB5D-4146-8033-DC52693F7F20}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{5A7F76CE-05B0-424F-9C45-67CBCDEE9177}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{5AF6E26B-58B1-4734-9988-F723A1470AEE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5C498EBB-1C0C-40FC-803F-8263DDEFF293}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{5CA51FA1-137C-47A2-BAC1-EF108D505AF1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{5DF4C428-FF3F-44C6-BF68-3FD7416831CB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{5F6A8D12-5F43-42AC-A98A-A71088875AEF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{62D0C201-92D6-4480-AD89-6A10E615A295}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{639B2F44-45C3-4F33-BCA7-1E8B8A20A7CF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{6B92CDC0-FF66-4CD6-9827-2F3787E00F6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{6C5C3786-2E93-4E35-8E69-047858C6F722}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{75043F8D-804C-4747-87CA-171D1EE73843}" = protocol=6 | dir=in | app=c:\users\agnes\appdata\roaming\dropbox\bin\dropbox.exe |

"{775186B8-1CE5-4A7C-A8FC-80592ED56572}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{783E4DAE-7C6B-4A2D-8110-06C1B52D3F6D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{787E1F21-100A-4EE1-8A27-7EF5FE55F3D2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{78B300D1-6904-4FDB-878A-6AD403811E28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{797FA8A4-A337-4062-A2BF-0BC699B72D5D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{7D4D6353-C6D6-470D-B150-3CA3B60A19E9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{7FAEEE59-F81F-47DB-A490-4A9DE4B5B52F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{7FC999D8-658F-4A06-B24A-C4B74830902D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{7FEFA668-9BDF-4B29-8BE8-FA2E8B55E476}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{80A24812-EFA4-4C21-83EB-ACA9570CDECD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{81BD8E90-0F3F-4028-A139-52D889ABDD31}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{857B7EB1-D2C6-45A8-BB39-68D04FFE482D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{8A5C0EE1-EF82-4505-970E-63B41C325FB8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8A983E1C-E191-4327-B769-871F89508E0A}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{8C9762B7-AF17-41F5-BC2F-286DD77D775C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{8FEF5C38-F666-4B87-93ED-773C59DBB40D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{912931EF-70A9-44FB-B8F4-5D3A9B31FF3B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{92B496C9-7F24-4143-8033-0FD591BDCA96}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{98363477-D281-415F-8EAF-A7FF2700E3E2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{9D4E696E-8EDE-4803-9DA5-9D6BCAEF33F0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{A183735F-EDE1-4D6C-A317-59EEE9F5F075}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{A616515A-B2DC-4B9C-964E-5709255BAFC4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A8C7F1E9-D230-42C4-B24C-81C4C0D154DC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{AA9AA729-F138-4B95-8DC5-5F9C8E75BF53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AD0A7BCE-5297-49CE-B89D-776843C3BF94}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{AED34EDF-6405-496F-A815-3BD437F676F1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{B288BBD3-811D-4D52-A6DD-EF8313B128D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B5180201-498C-4516-A24B-4AA48FB92F08}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{C31A2CAD-F4DB-416F-97BD-2C2C5FD225A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C3363A04-2069-48C9-96C3-5757A897CBD6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{C50FD729-423C-4E8F-8C90-65F2E0AEA538}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{C81FCB07-3373-4144-9787-E64B9321D5FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{CA6FF709-AF17-49EF-BEC5-01AD19A5F51D}" = protocol=6 | dir=out | app=system |

"{CA90C7C5-713D-43B3-AAF1-FA3F274F594A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{CAE18190-F862-4486-977B-F2B6D50600B4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{CEE1550D-DA73-4FBD-8223-5331F67A83AD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{D0A1F64B-41B8-4C34-8617-44478DDE65AA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{D3D13C53-BEFA-4EBB-BCF8-0CB762033083}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{D42F50C5-F16B-4618-8362-42D9C8131CC0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{DE33E7E0-1375-445F-BA23-3A2E1479B033}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{E0892F01-155F-4747-9430-DFEA3E4F9D1F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{E4CEC2C1-E481-44DE-9421-44891C25F32B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |

"{E5597595-0FD2-4C3A-AD51-38CDD0CBD727}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{E6D40FBB-CBA1-4180-AB31-D1C8F3801EF9}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{E75C13F0-36D2-4395-972A-3B4F3601076B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{E7BCE8A0-2195-4A92-A916-4E65BB5D648B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{F43596E0-E73B-48D5-BF2F-C150175937BC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{FE6E7F2D-E618-4B51-BE3E-CB296F1FB675}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"TCP Query User{EC8C759D-C31B-4617-B4A6-E37DD68E6675}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{1417C72D-EB68-44D1-8D50-6F7FC47AE27E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst

"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection

"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4575935D-9457-4517-8750-2341F4286F5F}" = iTunes

"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)

"CCleaner" = CCleaner

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 23

"{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials

"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2

"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader

"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements

"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library

"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update

"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV

"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar

"{6DCBB845-0FA4-4723-A40A-1F320C221C30}" = Sprint Mobile Broadband (Sierra)

"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4

"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B830589B-A569-4572-B8C0-6141EA774D96}" = Roxio PhotoSuite Deluxe v9

"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger

"{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C5E6A84F-2064-40D2-85C4-CE97B76ACECE}" = VitalSource Bookshelf

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0

"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal

"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition

"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast" = avast! Free Antivirus

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"dcmsvc_is1" = dcmsvc 1.0

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Bluetooth Laser Mobile Mouse" = HP Bluetooth Laser Mobile Mouse 1.00.06

"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)

"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software

"PROR" = Microsoft Office Professional 2007 Trial

"RCA Detective™_is1" = RCA Detective™ 2.0.0.98

"RCA Digital Voice Manager_is1" = RCA Digital Voice Manager 5.0.3.1

"TTM70" = Talk to Me

"VLC media player" = VLC media player 0.9.8a

"WildTangent hp Master Uninstall" = HP Games

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Mobile Device Handbook" = Touch by HTC™ User Guide

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/14/2010 6:31:58 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 9/14/2010 6:31:58 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 9/14/2010 6:32:00 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 9/14/2010 6:32:00 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 9/14/2010 6:32:03 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 9/14/2010 6:32:03 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 9/14/2010 6:32:05 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 9/14/2010 6:32:05 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 9/14/2010 6:32:08 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 9/14/2010 6:32:08 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

[ System Events ]

Error - 6/5/2011 10:48:50 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/5/2011 10:49:16 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/5/2011 10:49:46 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/5/2011 10:51:53 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/5/2011 10:52:21 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/5/2011 10:52:21 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/5/2011 10:52:21 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/5/2011 10:52:28 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/5/2011 10:52:28 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/5/2011 10:52:28 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000

Description =

< End of report >

Share this post


Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - Startup: C:\Users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O33 - MountPoints2\{33a71268-dff8-11de-b9fa-00235a2fdb97}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\goMEn.eXE
O33 - MountPoints2\{520ecce4-d532-11de-a1df-00235a2fdb97}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GOMeN.eXE
O33 - MountPoints2\{68e23d52-6ada-11df-8dda-00235a2fdb97}\Shell\AutoRun\command - "" = F:\MULTIM~1.EXE
O33 - MountPoints2\{68e23d52-6ada-11df-8dda-00235a2fdb97}\Shell\doubleTwist\command - "" = F:\MULTIM~1.EXE
O33 - MountPoints2\{79488463-c172-11df-ac4d-00235a2fdb97}\Shell - "" = AutoRun
O33 - MountPoints2\{79488463-c172-11df-ac4d-00235a2fdb97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7c73115c-29fa-11de-ba96-00235a2fdb97}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{7c73115c-29fa-11de-ba96-00235a2fdb97}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\Shell\AutoRun\command - "" = F:\rcaDVM_setup.exe
O33 - MountPoints2\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\Shell\install\command - "" = F:\rcaDVM_setup.exe
O33 - MountPoints2\{a79990cc-dec5-11de-9280-00235a2fdb97}\Shell - "" = AutoRun
O33 - MountPoints2\{a79990cc-dec5-11de-9280-00235a2fdb97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\Shell - "" = AutoRun
O33 - MountPoints2\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
[2 C:\Users\Agnes\Desktop\*.tmp files -> C:\Users\Agnes\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2011/05/14 00:47:03 | 000,010,080 | -HS- | M] () -- C:\Users\Agnes\AppData\Local\d43ty083vt8n0eg1yin153biwk27
[2011/05/14 00:47:03 | 000,010,080 | -HS- | M] () -- C:\ProgramData\d43ty083vt8n0eg1yin153biwk27
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Next

Download aswMBR.exe to your Desktop => http://public.avast.com/~gmerek/aswMBR.exe

  • Run as Admin
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

On your Desktop there should also be MBR.dat, zip it up and attach

Share this post


Link to post
Share on other sites

Where i download the fix for EXE extension?

Here

btw. did you follow my previous instructions?

Share this post


Link to post
Share on other sites

Here

btw. did you follow my previous instructions?

I am diferent computer, but yes I did, but the asMBR scanner caused a BSOD in the computer.

Share this post


Link to post
Share on other sites

Don't want to re-hijack my own thread but BIG thanks to rise and all for your assistance. All of my issues have been fixed!

Share this post


Link to post
Share on other sites

I am diferent computer, but yes I did, but the asMBR scanner caused a BSOD in the computer.

  • Download TDSSKiller and save it to your Desktop.
  • Unzip the folder (Right Click > Extract to your Desktop).
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Share this post


Link to post
Share on other sites

here we go again here is the log

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

File move failed. C:\Users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk scheduled to be moved on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Starting removal of ActiveX control {02BCC737-B171-4746-94C9-0D8A0B2C0089}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.

Starting removal of ActiveX control {17492023-C23A-453E-A040-C7C580BBF700}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.

Starting removal of ActiveX control {3860DD98-0549-4D50-AA72-5D17D200EE10}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found.

Starting removal of ActiveX control {588031A3-94BF-4CDD-86D0-939F6F93910F}

C:\Windows\Downloaded Program Files\FixIt.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{588031A3-94BF-4CDD-86D0-939F6F93910F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588031A3-94BF-4CDD-86D0-939F6F93910F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{588031A3-94BF-4CDD-86D0-939F6F93910F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588031A3-94BF-4CDD-86D0-939F6F93910F}\ not found.

Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}

C:\Windows\Downloaded Program Files\setup.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.

File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.

File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.

File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.

File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully.

File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.

File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33a71268-dff8-11de-b9fa-00235a2fdb97}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33a71268-dff8-11de-b9fa-00235a2fdb97}\ not found.

File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\goMEn.eXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520ecce4-d532-11de-a1df-00235a2fdb97}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{520ecce4-d532-11de-a1df-00235a2fdb97}\ not found.

File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GOMeN.eXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68e23d52-6ada-11df-8dda-00235a2fdb97}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68e23d52-6ada-11df-8dda-00235a2fdb97}\ not found.

File F:\MULTIM~1.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68e23d52-6ada-11df-8dda-00235a2fdb97}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68e23d52-6ada-11df-8dda-00235a2fdb97}\ not found.

File F:\MULTIM~1.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79488463-c172-11df-ac4d-00235a2fdb97}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79488463-c172-11df-ac4d-00235a2fdb97}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79488463-c172-11df-ac4d-00235a2fdb97}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79488463-c172-11df-ac4d-00235a2fdb97}\ not found.

File G:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c73115c-29fa-11de-ba96-00235a2fdb97}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c73115c-29fa-11de-ba96-00235a2fdb97}\ not found.

File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c73115c-29fa-11de-ba96-00235a2fdb97}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c73115c-29fa-11de-ba96-00235a2fdb97}\ not found.

File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\ not found.

File F:\rcaDVM_setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\ not found.

File F:\rcaDVM_setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a79990cc-dec5-11de-9280-00235a2fdb97}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a79990cc-dec5-11de-9280-00235a2fdb97}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a79990cc-dec5-11de-9280-00235a2fdb97}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a79990cc-dec5-11de-9280-00235a2fdb97}\ not found.

File G:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\ not found.

File G:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\ not found.

File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\ not found.

File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe not found.

C:\Users\Agnes\Desktop\~WRL0001.tmp deleted successfully.

C:\Users\Agnes\Desktop\~WRL3983.tmp deleted successfully.

C:\Windows\msdownld.tmp folder deleted successfully.

C:\Users\Agnes\AppData\Local\d43ty083vt8n0eg1yin153biwk27 moved successfully.

C:\ProgramData\d43ty083vt8n0eg1yin153biwk27 moved successfully.

========== COMMANDS ==========

HOSTS file reset successfully

[EMPTYTEMP]

User: Agnes

->Temp folder emptied: 12675723 bytes

->Temporary Internet Files folder emptied: 20121600 bytes

->Java cache emptied: 79266370 bytes

->FireFox cache emptied: 43990143 bytes

->Flash cache emptied: 60237 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 898 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 208731264 bytes

Total Files Cleaned = 348.00 mb

[EMPTYFLASH]

User: Agnes

->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.23.0 log created on 06052011_122800

Files\Folders moved on Reboot...

File\Folder C:\Users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk not found!

C:\Users\Agnes\AppData\Local\Temp\ehmsas.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

The TDSKIller showed "no threats"" found. As I said before I removed the threats with SAS, the only problem is the windows update that dont work

Share this post


Link to post
Share on other sites

The TDSKIller showed "no threats"" found. As I said before I removed the threats with SAS, the only problem is the windows update that dont work

???

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...