
cjski
The Wheel Weaves As The Wheel Will

join:2001-01-04
Sun City, CA

Fake 'windows protection' alerts

I just started receiving fake 'windows protection...' alerts, so I ran through the cleanup steps (except ESET). Logs posted below.

Appreciate any help.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8251

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

11/27/2011 12:02:31 AM
mbam-log-2011-11-27 (00-02-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 333269
Time elapsed: 42 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

cjski
The Wheel Weaves As The Wheel Will

join:2001-01-04
Sun City, CA

OTL logfile created on: 11/26/2011 10:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\cjski\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 48.20% Memory free
3.50 Gb Paging File | 2.37 Gb Available in Paging File | 67.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.02 Gb Total Space | 410.53 Gb Free Space | 90.22% Space Free | Partition Type: NTFS
Drive D: | 10.64 Gb Total Space | 1.57 Gb Free Space | 14.79% Space Free | Partition Type: NTFS

Computer Name: CJSKI-PC | User Name: cjski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/11/26 22:56:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\cjski\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/16 14:35:42 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/08/27 14:33:32 | 000,779,984 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe
PRC - [2010/05/22 21:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/08/24 18:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/29 14:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/05/22 21:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 16:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/05/23 16:41:39 | 000,038,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/05/23 16:41:38 | 000,701,800 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/07/30 09:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/05/28 01:00:00 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS -- (NAVEX15)
DRV - [2010/05/28 01:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS -- (NAVENG)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/CQDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »g.msn.com/CQDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/CQDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »g.msn.com/CQDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/CQDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com/
IE - HKCU\..\URLSearchHook: {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\cjski\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\cjski\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cjski\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cjski\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/16 14:35:57 | 000,000,000 | ---D | M]

[2011/05/08 18:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cjski\AppData\Roaming\Mozilla\Extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\cjski\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\cjski\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files (x86)\NOS\bin\np_gp.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\cjski\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: GameVance = C:\Users\cjski\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\cjski\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Poppit = C:\Users\cjski\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files (x86)\YRefresher\YRefresher.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files (x86)\YRefresher\YRefresher.dll ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\cjski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (get_atlcom Class)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} »realist2.firstamres.com/mapviewe···ewer.cab (First American Res MapActiveX Control)
O16 - DPF: vzTCPConfig »my.verizon.com/micro/speedoptimi···nfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{713FD0CE-4996-4CD4-B61A-C545A61D87C4}: DhcpNameServer = 192.168.1.1 68.238.64.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/11/26 22:56:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\cjski\Desktop\OTL.exe
[2011/11/26 22:40:40 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\cjski\Desktop\TFC.exe
[2011/11/26 21:59:56 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/10 20:51:29 | 000,000,000 | ---D | C] -- C:\Users\cjski\AppData\Roaming\Malwarebytes
[2011/11/10 20:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/10 20:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/10 20:49:21 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/10 20:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/11/26 23:03:18 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 23:03:18 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 22:58:25 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/26 22:57:30 | 000,879,652 | ---- | M] () -- C:\Users\cjski\Desktop\SecurityCheck.exe
[2011/11/26 22:56:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\cjski\Desktop\OTL.exe
[2011/11/26 22:54:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/26 22:54:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 22:54:07 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/26 22:40:41 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\cjski\Desktop\TFC.exe
[2011/11/26 22:30:34 | 000,000,000 | ---- | M] () -- C:\ProgramData\2YQ1YpB.dat
[2011/11/26 22:14:56 | 000,008,290 | -HS- | M] () -- C:\ProgramData\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/26 22:14:55 | 000,008,290 | -HS- | M] () -- C:\Users\cjski\AppData\Local\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/25 23:43:21 | 000,443,214 | ---- | M] () -- C:\Users\cjski\Desktop\e.87thMC.ods
[2011/11/25 23:43:19 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.e.87thMC.ods#
[2011/11/25 23:05:16 | 000,397,191 | ---- | M] () -- C:\Users\cjski\Desktop\w. 71stMC.ods
[2011/11/23 08:04:27 | 000,013,540 | ---- | M] () -- C:\Users\cjski\Desktop\11-23-11.ods
[2011/11/23 07:58:56 | 000,014,765 | ---- | M] () -- C:\Users\cjski\Desktop\10-27-11to11-22-11.ods
[2011/11/22 23:23:51 | 000,478,936 | ---- | M] () -- C:\Users\cjski\Desktop\carribeanMCb.ods
[2011/11/22 23:23:49 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.carribeanMCb.ods#
[2011/11/22 23:17:26 | 000,260,179 | ---- | M] () -- C:\Users\cjski\Desktop\carribeanMC.ods
[2011/11/22 09:27:24 | 000,334,280 | ---- | M] () -- C:\Users\cjski\Desktop\2048011MC.ods
[2011/11/22 09:27:21 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.2048011MC.ods#
[2011/11/22 00:26:23 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152471229-762847833-4253421684-1001UA.job
[2011/11/21 21:02:25 | 000,385,019 | ---- | M] () -- C:\Users\cjski\Desktop\flintMCb.ods
[2011/11/21 21:02:23 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.flintMCb.ods#
[2011/11/21 20:55:43 | 000,478,569 | ---- | M] () -- C:\Users\cjski\Desktop\flintMC.ods
[2011/11/21 13:58:36 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152471229-762847833-4253421684-1001Core.job
[2011/11/20 23:15:42 | 000,438,017 | ---- | M] () -- C:\Users\cjski\Desktop\vernalMC.ods
[2011/11/20 23:15:40 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.vernalMC.ods#
[2011/11/20 19:49:17 | 000,239,633 | ---- | M] () -- C:\Users\cjski\Desktop\mapleviewMC.ods
[2011/11/20 19:49:15 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.mapleviewMC.ods#
[2011/11/20 17:28:12 | 000,468,372 | ---- | M] () -- C:\Users\cjski\Desktop\basaltMCb.ods
[2011/11/20 17:28:10 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.basaltMCb.ods#
[2011/11/20 17:18:15 | 000,252,387 | ---- | M] () -- C:\Users\cjski\Desktop\basaltMC.ods
[2011/11/19 00:59:00 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/19 00:59:00 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/19 00:59:00 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/19 00:55:27 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/17 19:36:32 | 000,372,301 | ---- | M] () -- C:\Users\cjski\Desktop\agrigentoMC.ods
[2011/11/17 19:36:30 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.agrigentoMC.ods#
[2011/11/17 14:40:15 | 006,946,833 | ---- | M] () -- C:\Users\cjski\Desktop\pelicanPC.PDF
[2011/11/17 14:11:15 | 000,480,955 | ---- | M] () -- C:\Users\cjski\Desktop\pelicanMCb.ods
[2011/11/17 14:11:13 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.pelicanMCb.ods#
[2011/11/17 14:02:47 | 000,273,002 | ---- | M] () -- C:\Users\cjski\Desktop\pelicanMC.ods
[2011/11/16 20:59:21 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/14 22:05:45 | 000,263,685 | ---- | M] () -- C:\Users\cjski\Desktop\lindenbergerMCb.ods
[2011/11/14 22:05:43 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.lindenbergerMCb.ods#
[2011/11/14 21:59:18 | 000,204,923 | ---- | M] () -- C:\Users\cjski\Desktop\lindenbergerMC.ods
[2011/11/14 15:38:18 | 000,960,028 | ---- | M] () -- C:\Users\cjski\Desktop\lindenbergerPC.PDF
[2011/11/14 12:05:33 | 000,349,589 | ---- | M] () -- C:\Users\cjski\Desktop\sandsMC.ods
[2011/11/14 12:05:31 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.sandsMC.ods#
[2011/11/14 09:44:51 | 000,612,433 | ---- | M] () -- C:\Users\cjski\Desktop\heidiMC.ods
[2011/11/14 09:44:48 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.heidiMC.ods#
[2011/11/11 03:17:46 | 000,303,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/10 22:24:39 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcjski.job
[2011/11/10 20:49:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 08:08:34 | 000,276,683 | ---- | M] () -- C:\Users\cjski\Desktop\galeriaMC.ods
[2011/11/10 08:08:32 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.galeriaMC.ods#
[2011/11/10 07:58:55 | 000,061,207 | ---- | M] () -- C:\Users\cjski\Desktop\galeriaPC.pdf
[2011/11/08 15:01:29 | 000,808,763 | ---- | M] () -- C:\Users\cjski\Desktop\herringtonPC.PDF
[2011/11/08 14:57:06 | 000,317,178 | ---- | M] () -- C:\Users\cjski\Desktop\herringtonMCc.ods
[2011/11/08 14:57:04 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.herringtonMCc.ods#
[2011/11/08 14:52:58 | 000,232,892 | ---- | M] () -- C:\Users\cjski\Desktop\herringtonMCb.ods
[2011/11/08 14:48:23 | 000,210,949 | ---- | M] () -- C:\Users\cjski\Desktop\herringtonMC.ods
[2011/11/08 08:11:54 | 000,510,755 | ---- | M] () -- C:\Users\cjski\Desktop\challendonMC.ods
[2011/11/08 08:11:52 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.challendonMC.ods#
[2011/11/07 16:59:57 | 000,572,048 | ---- | M] () -- C:\Users\cjski\Desktop\alcornMCc.ods
[2011/11/07 16:59:53 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.alcornMCc.ods#
[2011/11/07 16:58:01 | 000,335,468 | ---- | M] () -- C:\Users\cjski\Desktop\alcornMCb.ods
[2011/11/07 16:58:00 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.alcornMCb.ods#
[2011/11/07 16:53:04 | 000,361,882 | ---- | M] () -- C:\Users\cjski\Desktop\alcornMC.ods
[2011/11/02 15:20:11 | 000,333,369 | ---- | M] () -- C:\Users\cjski\Desktop\palominoMC.ods
[2011/11/02 15:20:09 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.palominoMC.ods#
[2011/11/01 19:51:18 | 000,007,605 | ---- | M] () -- C:\Users\cjski\AppData\Local\Resmon.ResmonCfg
[2011/11/01 17:41:57 | 000,155,469 | ---- | M] () -- C:\Users\cjski\Desktop\freeportPC2.pdf
[2011/10/31 12:49:19 | 001,922,235 | ---- | M] () -- C:\Users\cjski\Desktop\freeportPC.pdf
[2011/10/31 09:48:12 | 000,581,276 | ---- | M] () -- C:\Users\cjski\Desktop\freeportMC.ods
[2011/10/31 09:48:09 | 000,000,114 | -H-- | M] () -- C:\Users\cjski\Desktop\.~lock.freeportMC.ods#

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/11/26 22:57:30 | 000,879,652 | ---- | C] () -- C:\Users\cjski\Desktop\SecurityCheck.exe
[2011/11/26 22:30:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\2YQ1YpB.dat
[2011/11/26 21:59:19 | 000,008,290 | -HS- | C] () -- C:\Users\cjski\AppData\Local\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/26 21:59:19 | 000,008,290 | -HS- | C] () -- C:\ProgramData\aoekmg7h0xsk3fhh0kqq1s574o1q
[2011/11/25 23:41:19 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.e.87thMC.ods#
[2011/11/25 23:41:17 | 000,443,214 | ---- | C] () -- C:\Users\cjski\Desktop\e.87thMC.ods
[2011/11/25 23:02:01 | 000,397,191 | ---- | C] () -- C:\Users\cjski\Desktop\w. 71stMC.ods
[2011/11/23 07:58:54 | 000,014,765 | ---- | C] () -- C:\Users\cjski\Desktop\10-27-11to11-22-11.ods
[2011/11/22 23:17:35 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.carribeanMCb.ods#
[2011/11/22 23:17:34 | 000,478,936 | ---- | C] () -- C:\Users\cjski\Desktop\carribeanMCb.ods
[2011/11/22 23:16:24 | 000,260,179 | ---- | C] () -- C:\Users\cjski\Desktop\carribeanMC.ods
[2011/11/22 09:25:09 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.2048011MC.ods#
[2011/11/22 09:25:08 | 000,334,280 | ---- | C] () -- C:\Users\cjski\Desktop\2048011MC.ods
[2011/11/21 20:58:49 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.flintMCb.ods#
[2011/11/21 20:58:47 | 000,385,019 | ---- | C] () -- C:\Users\cjski\Desktop\flintMCb.ods
[2011/11/21 20:52:46 | 000,478,569 | ---- | C] () -- C:\Users\cjski\Desktop\flintMC.ods
[2011/11/20 23:13:49 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.vernalMC.ods#
[2011/11/20 23:13:47 | 000,438,017 | ---- | C] () -- C:\Users\cjski\Desktop\vernalMC.ods
[2011/11/20 19:48:10 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.mapleviewMC.ods#
[2011/11/20 19:48:09 | 000,239,633 | ---- | C] () -- C:\Users\cjski\Desktop\mapleviewMC.ods
[2011/11/20 17:18:22 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.basaltMCb.ods#
[2011/11/20 17:18:20 | 000,468,372 | ---- | C] () -- C:\Users\cjski\Desktop\basaltMCb.ods
[2011/11/20 17:17:11 | 000,252,387 | ---- | C] () -- C:\Users\cjski\Desktop\basaltMC.ods
[2011/11/17 19:34:12 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.agrigentoMC.ods#
[2011/11/17 19:30:21 | 000,372,301 | ---- | C] () -- C:\Users\cjski\Desktop\agrigentoMC.ods
[2011/11/17 14:39:59 | 006,946,833 | ---- | C] () -- C:\Users\cjski\Desktop\pelicanPC.PDF
[2011/11/17 14:02:53 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.pelicanMCb.ods#
[2011/11/17 14:02:52 | 000,480,955 | ---- | C] () -- C:\Users\cjski\Desktop\pelicanMCb.ods
[2011/11/17 14:01:38 | 000,273,002 | ---- | C] () -- C:\Users\cjski\Desktop\pelicanMC.ods
[2011/11/14 22:00:11 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.lindenbergerMCb.ods#
[2011/11/14 22:00:09 | 000,263,685 | ---- | C] () -- C:\Users\cjski\Desktop\lindenbergerMCb.ods
[2011/11/14 21:59:15 | 000,204,923 | ---- | C] () -- C:\Users\cjski\Desktop\lindenbergerMC.ods
[2011/11/14 15:38:17 | 000,960,028 | ---- | C] () -- C:\Users\cjski\Desktop\lindenbergerPC.PDF
[2011/11/14 12:03:57 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.sandsMC.ods#
[2011/11/14 12:03:55 | 000,349,589 | ---- | C] () -- C:\Users\cjski\Desktop\sandsMC.ods
[2011/11/14 09:42:10 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.heidiMC.ods#
[2011/11/14 09:42:08 | 000,612,433 | ---- | C] () -- C:\Users\cjski\Desktop\heidiMC.ods
[2011/11/10 20:49:27 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 08:06:53 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.galeriaMC.ods#
[2011/11/10 08:06:51 | 000,276,683 | ---- | C] () -- C:\Users\cjski\Desktop\galeriaMC.ods
[2011/11/10 07:58:55 | 000,061,207 | ---- | C] () -- C:\Users\cjski\Desktop\galeriaPC.pdf
[2011/11/08 15:01:29 | 000,808,763 | ---- | C] () -- C:\Users\cjski\Desktop\herringtonPC.PDF
[2011/11/08 14:53:40 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.herringtonMCc.ods#
[2011/11/08 14:53:38 | 000,317,178 | ---- | C] () -- C:\Users\cjski\Desktop\herringtonMCc.ods
[2011/11/08 14:48:31 | 000,232,892 | ---- | C] () -- C:\Users\cjski\Desktop\herringtonMCb.ods
[2011/11/08 14:47:20 | 000,210,949 | ---- | C] () -- C:\Users\cjski\Desktop\herringtonMC.ods
[2011/11/08 08:09:25 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.challendonMC.ods#
[2011/11/08 08:09:23 | 000,510,755 | ---- | C] () -- C:\Users\cjski\Desktop\challendonMC.ods
[2011/11/07 16:58:40 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.alcornMCc.ods#
[2011/11/07 16:58:39 | 000,572,048 | ---- | C] () -- C:\Users\cjski\Desktop\alcornMCc.ods
[2011/11/07 16:55:38 | 000,335,468 | ---- | C] () -- C:\Users\cjski\Desktop\alcornMCb.ods
[2011/11/07 16:55:38 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.alcornMCb.ods#
[2011/11/07 16:51:06 | 000,361,882 | ---- | C] () -- C:\Users\cjski\Desktop\alcornMC.ods
[2011/11/02 15:18:49 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.palominoMC.ods#
[2011/11/02 15:18:48 | 000,333,369 | ---- | C] () -- C:\Users\cjski\Desktop\palominoMC.ods
[2011/11/01 19:51:18 | 000,007,605 | ---- | C] () -- C:\Users\cjski\AppData\Local\Resmon.ResmonCfg
[2011/11/01 17:41:57 | 000,155,469 | ---- | C] () -- C:\Users\cjski\Desktop\freeportPC2.pdf
[2011/10/31 12:49:19 | 001,922,235 | ---- | C] () -- C:\Users\cjski\Desktop\freeportPC.pdf
[2011/10/31 09:45:38 | 000,000,114 | -H-- | C] () -- C:\Users\cjski\Desktop\.~lock.freeportMC.ods#
[2011/10/31 09:45:36 | 000,581,276 | ---- | C] () -- C:\Users\cjski\Desktop\freeportMC.ods
[2011/06/02 00:10:36 | 000,001,854 | ---- | C] () -- C:\Users\cjski\AppData\Roaming\GhostObjGAFix.xml
[2010/12/11 14:42:57 | 000,905,290 | R--- | C] () -- C:\Windows\SysWow64\libmmd.dll
[2010/11/02 16:40:37 | 000,000,067 | ---- | C] () -- C:\Windows\iltwain.ini
[2010/02/09 17:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011/11/10 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\cjski\AppData\Roaming\EurekaLog
[2011/05/14 16:04:53 | 000,000,000 | ---D | M] -- C:\Users\cjski\AppData\Roaming\OpenCandy
[2010/11/02 17:56:30 | 000,000,000 | ---D | M] -- C:\Users\cjski\AppData\Roaming\OpenOffice.org
[2010/11/02 14:46:14 | 000,000,000 | ---D | M] -- C:\Users\cjski\AppData\Roaming\PictureMover
[2011/01/19 21:46:35 | 000,000,000 | ---D | M] -- C:\Users\cjski\AppData\Roaming\WinBatch
[2009/07/13 21:08:49 | 000,013,144 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

OTL Extras logfile created on: 11/26/2011 10:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\cjski\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 48.20% Memory free
3.50 Gb Paging File | 2.37 Gb Available in Paging File | 67.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.02 Gb Total Space | 410.53 Gb Free Space | 90.22% Space Free | Partition Type: NTFS
Drive D: | 10.64 Gb Total Space | 1.57 Gb Free Space | 14.79% Space Free | Partition Type: NTFS

Computer Name: CJSKI-PC | User Name: cjski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1BCF955D-1F76-4D42-97F2-23CC39028C0A}" = ClickFORMS
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E56A14B-A38A-3AD6-B06D-4A0DCC0F2F2C}" = Google Talk Plugin
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C124BC7E-1C94-44C7-A8CA-70D10644FB05}" = Intellex Player
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA4FFFE4-0517-46AC-A19B-A8013985F766}" = Microsoft Live Search Toolbar
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
"Adobe AIR" = Adobe AIR
"Google Chrome" = Google Chrome
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"NIS" = Norton Internet Security
"RealPlayer 12.0" = RealPlayer
"vShare" = vShare Plugin
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"YRefresher_is1" = Yrefresher 1.00

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11/2/2011 4:52:37 AM | Computer Name = cjski-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/3/2011 11:58:07 AM | Computer Name = cjski-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/4/2011 12:53:42 AM | Computer Name = cjski-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/4/2011 3:27:53 AM | Computer Name = cjski-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/5/2011 4:22:21 AM | Computer Name = cjski-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/5/2011 11:38:05 PM | Computer Name = cjski-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/5/2011 11:38:10 PM | Computer Name = cjski-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/6/2011 3:32:01 AM | Computer Name = cjski-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/7/2011 3:58:09 PM | Computer Name = cjski-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/9/2011 3:29:01 PM | Computer Name = cjski-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ Hewlett-Packard Events ]
Error - 12/9/2010 1:20:24 AM | Computer Name = cjski-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201012082120.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 12/16/2010 1:57:28 AM | Computer Name = cjski-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201012152157.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 12/23/2010 1:15:18 AM | Computer Name = cjski-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121022091516.xml
File not created by asset agent

Error - 12/23/2010 1:16:25 AM | Computer Name = cjski-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201012222116.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 12/30/2010 2:22:28 AM | Computer Name = cjski-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201012292222.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

Error - 1/20/2011 2:02:55 AM | Computer Name = cjski-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HP.ActiveSupportLibrary

at HP.ActiveSupportLibrary.Issues.HPSFSession.?()

Error - 1/26/2011 1:20:32 PM | Computer Name = cjski-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011126092018.xml
File not created by asset agent

Error - 2/23/2011 1:15:28 PM | Computer Name = cjski-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021123091503.xml
File not created by asset agent

Error - 4/20/2011 12:58:16 PM | Computer Name = cjski-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041120095812.xml
File not created by asset agent

Error - 6/2/2011 4:10:33 AM | Computer Name = cjski-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061102011029.xml
File not created by asset agent

[ System Events ]
Error - 8/31/2011 4:59:35 PM | Computer Name = cjski-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/31/2011 6:08:10 PM | Computer Name = cjski-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 9/1/2011 1:19:43 AM | Computer Name = cjski-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 9/1/2011 4:24:38 AM | Computer Name = cjski-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 9/1/2011 12:12:25 PM | Computer Name = cjski-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 9/1/2011 4:25:28 PM | Computer Name = cjski-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 9/1/2011 6:15:08 PM | Computer Name = cjski-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/1/2011 7:20:43 PM | Computer Name = cjski-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.

Error - 9/2/2011 3:59:33 AM | Computer Name = cjski-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/2/2011 11:43:29 AM | Computer Name = cjski-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.


cjski
The Wheel Weaves As The Wheel Will

join:2001-01-04
Sun City, CA

reply to cjski
Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Java version out of date!
Adobe Reader 9 (Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

QuickScan 64-bit v0.9.9.100
---------------------------
Scan date: Sun Nov 27 00:39:09 2011
Machine ID: A87DF530

No infection found.
-------------------

Processes
---------
(unsigned) HP Remote Solution 1492 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(unsigned) LightScribe 1532 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(unsigned) OpenOffice.org 3.2 1232 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(unsigned) OpenOffice.org 3.2 1036 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(verified) hpwuSchd Application 1576 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(verified) GoogleToolbarNotifier 1964 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) HP Quick Synchronization Service 1452 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(verified) HP Support Assistant 3144 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(verified) hpsysdrv Application 1396 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(verified) Java(TM) Platform SE Auto Updater 2 0 2524 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Malwarebytes' Anti-Malware 2532 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Malwarebytes' Anti-Malware 3348 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(verified) Microsoft® Windows® Operating System 1996 C:\Program Files\Windows Media Player\wmpnetwk.exe
(verified) Microsoft® Windows® Operating System 1604 C:\Windows\explorer.exe
(verified) Microsoft® Windows® Operating System 412 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 480 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 1592 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 572 C:\Windows\System32\lsass.exe
(verified) Microsoft® Windows® Operating System 580 C:\Windows\System32\lsm.exe
(verified) Microsoft® Windows® Operating System 556 C:\Windows\System32\services.exe
(verified) Microsoft® Windows® Operating System 268 C:\Windows\System32\smss.exe
(verified) Microsoft® Windows® Operating System 1176 C:\Windows\System32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 484 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 588 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 800 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 872 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1000 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1300 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1208 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1792 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 976 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 700 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3088 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 924 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1460 C:\Windows\System32\taskhost.exe
(verified) Microsoft® Windows® Operating System 468 C:\Windows\System32\wininit.exe
(verified) Microsoft® Windows® Operating System 544 C:\Windows\System32\winlogon.exe
(verified) Microsoft® Windows® Operating System 3620 C:\Windows\System32\wuauclt.exe
(verified) Microsoft® Windows® Operating System 2304 C:\Windows\System32\WUDFHost.exe
(verified) Norton Internet Security 1892 C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe
(verified) NVIDIA Driver Helper Service, Version 1 1124 C:\Windows\System32\nvvsvc.exe
(verified) NVIDIA Driver Helper Service, Version 1 760 C:\Windows\System32\nvvsvc.exe
(verified) RealPlayer (32-bit) 2496 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(verified) Symantec Security Technologies 1580 C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
(verified) Windows® Internet Explorer 2060 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 888 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Search 1292 C:\Windows\System32\SearchIndexer.exe

Network activity
----------------
Process iexplore.exe (888) connected on port 443 (HTTP over SSL) --> 173.194.64.95
Process iexplore.exe (888) connected on port 443 (HTTP over SSL) --> 173.194.64.95
Process iexplore.exe (888) connected on port 80 (HTTP) --> 65.200.11.146
Process iexplore.exe (888) connected on port 80 (HTTP) --> 63.110.246.43
Process iexplore.exe (888) connected on port 80 (HTTP) --> 65.200.11.146
Process iexplore.exe (888) connected on port 80 (HTTP) --> 63.110.246.43
Process iexplore.exe (888) connected on port 80 (HTTP) --> 74.125.224.164
Process iexplore.exe (888) connected on port 80 (HTTP) --> 74.125.224.164
Process iexplore.exe (888) connected on port 80 (HTTP) --> 66.220.147.44
Process iexplore.exe (888) connected on port 80 (HTTP) --> 66.220.147.44

Process wininit.exe (468) listens on ports: 49152 (RPC)
Process services.exe (556) listens on ports: 49156 (RPC)
Process lsass.exe (572) listens on ports: 49157 (RPC)
Process svchost.exe (800) listens on ports: 135 (RPC)
Process svchost.exe (924) listens on ports: 49153 (RPC)
Process svchost.exe (1000) listens on ports: 49154 (RPC)
Process spoolsv.exe (1176) listens on ports: 49155 (RPC)
Process wmpnetwk.exe (1996) listens on ports: 554 (RTSP)

Autoruns and critical files
---------------------------
(unsigned) Internet Explorer C:\Program Files (x86)\Internet Explorer
(unsigned) PictureMover Application C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(unsigned) quickstart.exe C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

(verified) hpwuSchd Application C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
(verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Users\cjski\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) HP Ceement C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
(verified) hpsysdrv Application C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Malwarebytes' Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Norton Online Backup C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
(verified) NVIDIA Compatible Windows7 Display driv C:\Windows\system32\NvCpl.dll
(verified) RealPlayer (32-bit) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(verified) Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

Browser plugins
---------------
(unsigned) Map Viewer Control Module C:\Windows\Downloaded Program Files\mapviewer.ocx
(unsigned) Verizon TCP Configuration utility C:\Windows\Downloaded Program Files\vzTCPConfig.dll

(verified) BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
(verified) BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax64.dll
(verified) getPlus+(R) C:\Windows\Downloaded Program Files\gp.ocx
(verified) Google Talk Plugin C:\Users\cjski\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
(verified) Google Talk Plugin Video Accelerator C:\Users\cjski\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
(verified) Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_64.dll
(verified) Google Update C:\Users\cjski\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
(verified) Hulu Desktop C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll

Missing files
-------------
File not found: C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
--> HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"HP Remote Solution"

File not found: c:\program files\java\jre6\bin\jp2ssv.dll
--> HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32\"(default)"

Scan
----

The following file(s) must be uploaded for server-side scanning:
C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll
C:\Program Files (x86)\OpenOffice.org 3\program\sysmgr1.uno.dll
C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll
C:\Program Files (x86)\OpenOffice.org 3\program\cppcanvasmi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\sofficeapp.dll
C:\Program Files (x86)\OpenOffice.org 3\program\behelper.uno.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll
C:\Program Files (x86)\OpenOffice.org 3\program\lngmi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll
C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll
C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll
C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll
C:\Program Files (x86)\OpenOffice.org 3\program\drawinglayermi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll
C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\canvastoolsmi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\sax.uno.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\avmediami.dll
C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll
C:\Program Files (x86)\OpenOffice.org 3\program\gomi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll
C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll
C:\Program Files (x86)\OpenOffice.org 3\program\aggmi.dll
C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll

Upload started - 37 file(s)
salhelper3MSC.dll (13312)
i18nisolang1MSC.dll (25088)
i18npapermi.dll (29184)
localebe1.uno.dll (29696)
behelper.uno.dll (30720)
sysmgr1.uno.dll (37376)
msci_uno.dll (51712)
store3.dll (55296)
i18nutilMSC.dll (66560)
oooimprovementmi.dll (83968)
uwinapi.dll (86016)
jvmfwk3.dll (92160)
stocservices.uno.dll (92672)
reg3.dll (93184)
vos3MSC.dll (94208)
aggmi.dll (129024)
cppu3.dll (142848)
emsermi.dll (148992)
sax.uno.dll (156672)
ucb1.dll (197632)
avmediami.dll (200192)
sotmi.dll (256512)
cppcanvasmi.dll (279040)
oleautobridge.uno.dll (280576)
gomi.dll (293376)
sofficeapp.dll (348672)
ucbhelper4MSC.dll (357888)
cppuhelper3MSC.dll (431616)
bootstrap.uno.dll (453120)
utlmi.dll (463872)
tlmi.dll (493568)
canvastoolsmi.dll (498688)
xcrmi.dll (530944)
stlport_vc7145.dll (597504)
svlmi.dll (734208)
drawinglayermi.dll (845824)
fwemi.dll (852992)
Upload speed - 112 KB/s
Upload finished - 37 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 84 sec
Total traffic - 9.24 MB sent, 3.13 KB recvd
Scanned 1676 files and modules - 167 seconds

==============================================================================



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23

reply to cjski
The logs are clean. MBAM is the premier program for removing the Rogue programs.

What is the program name from the alerts?


cjski
The Wheel Weaves As The Wheel Will

join:2001-01-04
Sun City, CA

I can't remember exactly what it said, but it popped up looking like a real Windows system (Defender, Essentials?) program with a shield icon in the task bar, and acted like it was scanning my system. I didn't click on anything but the x in the right-hand corner to close it, but it still kept popping up, and wouldn't let me access Restore, or Task Mgr...

Now everything is running normal, and I did start the ESET scan last night, but it's been 7.5 hours and it's only 43% done...no infected files found yet...

What is the AV program that came with my computer? Defender? Security Essentials? Should I have this running on my machine? Because I don't think I ever turned it on.

Win7 machine



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to cjski
I suspect you went to a website with a script to try and trick you into downloading a rogue program.

Norton Internet Security is fine and there is no reason to turn on Windows Defender (comes with Windows). Windows Defender is an anti-malware program, not an AntiVirus. You only want AntiVirus program running.

All that remains is cleanup. Instructions are in the next post.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to cjski
Cleaning Up:

Delete TFC:

  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malwarebytes:
  • We recommend that you keep Malwarebytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

cjski
The Wheel Weaves As The Wheel Will

join:2001-01-04
Sun City, CA

Just as an aside, the ESET scanner did finish, no problems found, no log generated that I could see. Thanks for the help, again, LoPhat.

