virus & malware plus hijack this can't access hosts files [Sol
#1
Posted 30 May 2014 - 09:39 AM
Register to Remove
#2
Posted 01 June 2014 - 02:35 AM
Hello dlsmall03 and welcome to the WTT forum.
My name is Satchfan and I would be glad to help you with your computer problem.
Please read the following guidelines which will help to make cleaning your machine easier:
- please follow all instructions in the order posted
- please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
- all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
- if you don't understand something, please don't hesitate to ask for clarification before proceeding
- the fixes are specific to your problem and should only be used for this issue on this machine.
- please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
===================================================
Note: Please run these in the order given in the instructions.
===================================================
Download and run AdwCleaner
Download AdwCleaner from here and save it to your desktop.
- run AdwCleaner
- when it has finished, select Clean
- if it asks to reboot, allow the reboot
- on reboot a log will be produced; please attach the content of the log to your next reply.
===================================================
Download and run Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
- shut down your protection software now to avoid potential conflicts.
- run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
- the tool will open and start scanning your system
- please be patient as this can take a while to complete depending on your system's specifications
- on completion, a log (JRT.txt) is saved to your desktop and will automatically open
- post the contents of JRT.txt into your next message.
===================================================
Run OTL
- download OTL to your desktop.
- double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- click Scan all users.
- under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT
- click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
- when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- you may need two posts to fit them both in.
Logs to include with next post:
AdwCleaner log
JRT.txt
OTL.txt
Extras.txt
Thanks
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#3
Posted 01 June 2014 - 09:55 AM
adw cleaner log attached
Attached Files
#4
Posted 01 June 2014 - 10:13 AM
JRT text log attached
Attached Files
#5
Posted 01 June 2014 - 10:44 AM
extras and OTL log files attached
Attached Files
#6
Posted 01 June 2014 - 02:50 PM
Hi dlsmall03
Please do not attach any more logs, copy/paste them into the post.
I’d like you to run another couple of programs to check your computer further.
Run Security Check
Download Security Check by screen317 from here or here.
- save it to your Desktop.
- double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- a Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================
Run aswMBR
- download aswMBR.exe to your desktop.
- double click the aswMBR.exe to run it
- if asked, accept the AVAST virus definition download
- click the "Scan" button to start scan
- on completion of the scan click Save log, save it to your desktop and post in your next reply
Logs to include with next post:
checkup.txt
aswMBR log
Thanks
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#7
Posted 02 June 2014 - 09:14 AM
tried to run Security Check; then tried to right click and run as Admin - both times I got this:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
#8
Posted 02 June 2014 - 09:37 AM
here is aswmbr file - I can't tell if it was through scanning - hope so?
OTL Extras logfile created on: 6/1/2014 11:24:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Linda\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16866)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.75 Gb Total Physical Memory | 3.77 Gb Available Physical Memory | 65.54% Memory free
11.50 Gb Paging File | 9.23 Gb Available in Paging File | 80.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.76 Gb Total Space | 301.80 Gb Free Space | 66.80% Space Free | Partition Type: NTFS
Drive D: | 14.00 Gb Total Space | 1.63 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive E: | 575.56 Mb Total Space | 10.59 Mb Free Space | 1.84% Space Free | Partition Type: UDF
Drive L: | 960.52 Mb Total Space | 955.13 Mb Free Space | 99.44% Space Free | Partition Type: FAT
Computer Name: LINDA-DESKTOP | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-2137610184-1958078488-3510251021-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005A181C-2131-4C37-97C7-5314609C7C49}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0157D9E0-4545-4CD7-835D-2810CD1B4A13}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{14CC2554-525B-4123-A78A-06D89BEA4A71}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{14D5CDE3-7A08-414F-BE9B-A1874C586172}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BDD89E6-168D-45EB-BECA-066112DB42B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BFC506D-3DE8-4154-A940-B1571F0E5AD8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8206003B-16C0-4D4E-92C2-9424DFB1F625}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8455260B-D92D-49B9-84DA-FF2C5671FB88}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B6F91CB-BAE0-4F20-A712-9258035F1A3F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{A3FDF84C-431C-4DE7-B29B-697C1F5276C0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A4D29BB0-EFFE-49A4-9EAA-D3687CF06D7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0BE2068-AFD3-4B25-8823-4D1E53E1DFDC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD48F014-02B8-4419-82FC-FD503065B7BE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D2495DA7-6590-4561-9300-E302F8F1FA0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1FEF395-A323-458E-8703-7EE1FBA4795F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCB3B857-3AF7-4F74-B03A-9DFCBCE0BE41}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE9D9BBC-33B1-47F9-B788-607D0022CC31}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BFEBB9-73FA-40AD-AEB9-BFC7D28EFF3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09132999-3E97-4817-8B2C-F63964604589}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A9FDFE4-F7AF-4749-9C4C-C26E2783CB55}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{0FAC7871-3599-48EB-8E60-5C9BDA086867}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{148FC6E9-6C12-4182-8120-D61B654C3891}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{21A831AC-3FFD-41B7-B331-5CEEB21C6C8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24DE55B2-B6C0-49A8-9434-336916A5FD90}" = protocol=6 | dir=in | app=c:\users\linda\appdata\roaming\dropbox\bin\dropbox.exe |
"{2730AEAC-8F46-4A53-A6AA-1D78A46BAC31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2A76D6FE-301F-4A02-9A75-78572214EB1B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{2CB30D2C-7E1D-4969-BD63-3EB8ACD8B8A4}" = protocol=17 | dir=in | app=c:\users\linda\appdata\roaming\dropbox\bin\dropbox.exe |
"{2E8B0E6D-A583-43C6-A079-5594B472272B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{2EBBB959-2AFE-4D3E-861C-0DB7EE69DBD3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{352852FF-A2A6-4895-A081-163DE5C63018}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35B44717-076C-46F6-A327-B2E281F9A1DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B5C269B-55B4-461C-B9DF-6FC39080E110}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40D2E30C-6C7B-43CF-A54D-49686A3F73B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{4A5BECEA-9834-4260-B389-EEB87F157CA4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5367FC46-F933-4DB4-BD49-E68B289CF810}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59675D43-D457-49AD-A355-A67A199CF671}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{5BE7505A-8390-4A25-A08C-E7785EB74129}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{6392BFE1-0A75-48B1-B88E-15ED684C0D34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65E474F7-C1F4-4DB2-A10D-FE74F5D4E3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6C08AE90-0C83-42D5-8A23-ACC8804482D9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{709FD4B7-DF83-4C25-83FC-53D361660E33}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{72D35C6A-EC6E-4E74-B35B-C253E53BD935}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{76322927-B01F-4AE5-ABD1-0C31A03E09D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8108DC27-478C-49E2-BC53-168462C8FEBD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{850BF13B-A9B4-44AF-BD04-1B8B2D558702}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8BA712DA-3CB1-4F5B-858F-A026F53C9B9B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{8CCC3AC8-C710-4AB9-AABF-0B4FDC553DE4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8DBB1A54-7741-434F-A166-EF36229B5494}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{96A2DD12-17D4-4528-9257-42141BFD185F}" = protocol=6 | dir=out | app=system |
"{A451BB67-2AB2-4B4B-81E6-5FC738FE5CAB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{B0520CEE-ECDC-4BC1-BB7C-235FF3ADFF76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6C5836B-2628-4F7F-BD7E-7EE2FC8EC7C8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BF83D4C9-C8B4-458E-9538-1A7072C0DB0E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{C1B4417A-4870-4BFA-AF39-AC0F090F5885}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D096000F-29A9-4B8C-BF2F-30A9F241ED27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB1B6300-4EA6-4CA6-8DE6-547C6A357462}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{DF8BDFBF-63AE-486F-BDEE-FE796433E005}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E114335C-EB9E-45FA-B781-E107FDB90CEB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{E1CBA32B-5FD4-4BD4-B19A-AA5A66D480A0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E81B333E-EDEB-4CC2-B425-52DEDA50FED4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{EA2316B8-B552-4188-AB3A-7BEE8FB1044C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EC80985D-55CE-4060-B088-7AA2AE4B6BC3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{ED6BFD6C-F7B2-48EC-B728-3A5A68A0F064}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{F61D2D9B-9278-410D-BC4D-1CCA13303068}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F697794B-5EB1-4BD7-ADC0-BFE2715CFB86}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{F918EBBA-4B8A-4C7D-8872-59A84BBC78E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{FA618217-2553-4E86-B1B5-6FC9935A91BD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"TCP Query User{7A961A2E-71C5-4EE0-A23D-F908744EFCF9}C:\program files (x86)\microsoft broadband networking\msbnutil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft broadband networking\msbnutil.exe |
"TCP Query User{8C34243F-1C27-4D8B-A330-6555451D45C2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{8EC5A19D-59D3-49D0-9752-5BAD2FF52892}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{9EB5284F-A92A-43AF-9E1A-ED36986744B1}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{D39F654D-8997-4049-8C51-1A62017D7EE6}C:\users\linda\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\linda\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{EFF76449-D917-4762-A174-E83F29165939}C:\program files (x86)\microsoft broadband networking\msbnutil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft broadband networking\msbnutil.exe |
"TCP Query User{F5B0C0DD-10B2-49A1-B2CF-EA71C13925E8}C:\program files (x86)\microsoft broadband networking\msbncfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft broadband networking\msbncfg.exe |
"TCP Query User{F9351CFF-C295-419C-97CC-60E756E84D0E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{140467C5-B546-4B44-8419-9D699A3C3F8C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{22EC0444-D8F7-495F-9930-B3A7B55A0724}C:\users\linda\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\linda\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4A4278A1-4549-4498-8C1D-37024490C881}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{73F722CC-41B7-449D-9437-20919BD6A78A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{AF7828FC-5541-4E15-9B06-05AFD5D2B192}C:\program files (x86)\microsoft broadband networking\msbnutil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft broadband networking\msbnutil.exe |
"UDP Query User{CEE6165D-5AC5-4BC6-9B5C-E32F8376CB66}C:\program files (x86)\microsoft broadband networking\msbncfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft broadband networking\msbncfg.exe |
"UDP Query User{D0F2B5E4-4223-4BA6-8B8F-91B7FA22851F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E86A24C3-18B5-4E62-A004-B3CB0AFFC993}C:\program files (x86)\microsoft broadband networking\msbnutil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft broadband networking\msbnutil.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBA09DF4-4519-4BD0-B203-A58CACB92DFA}" = DisplayKEY USB Cradle
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CutePDF Writer Installation" = CutePDF Writer 2.8
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite MFC-8690DW
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{267F32DB-AB1D-4F05-AAD1-D70D40216F66}" = Capgemini Screen Saver
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{35505AE1-27E2-4206-B3BF-58771803B8D0}" = IncrediMail
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}" = Microsoft Office PowerPoint 2007 Get Started Tab
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{638547C2-2ABA-46F4-AE28-85FF6E83CB54}" = Microsoft Broadband Networking
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96165A0E-F058-4303-B701-A91C219E3967}" = TurboTax 2010 wtniper
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1" = Wondershare Dr.Fone (iPhone 4)(Build 1.0.0.33)
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E3CD4EA8-68BB-46E8-9E79-20A417A82C53}" = MicrosoftOfficeLiveMeeting2007
"{E4257ACA-7D3B-4FBA-8A37-E1F4699E91C7}" = WOT Services
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"ATT-PRT22" = ATT-PRT22
"Avast" = avast! Free Antivirus
"Carbonite Backup" = Carbonite
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Remote Solution" = HP Remote Solution
"IncrediMail" = IncrediMail 2.5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"outlookset" = Outlook Setup Tool
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"pywin32-py2.6" = Python 2.6 pywin32-212
"RealPlayer 16.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.1
"sp44626" = sp44626
"STANDARD" = Microsoft Office Standard 2007
"Switch" = Switch Sound File Converter
"TurboTax 2010" = TurboTax 2010
"WildTangent hp Master Uninstall" = HP Games
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2137610184-1958078488-3510251021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.1.0.880
========== Last 20 Event Log Errors ==========
[ OSession Events ]
Error - 9/13/2011 10:57:58 PM | Computer Name = Linda-desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/13/2011 10:58:00 PM | Computer Name = Linda-desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/13/2011 10:58:02 PM | Computer Name = Linda-desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/13/2011 10:58:27 PM | Computer Name = Linda-desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/13/2011 10:58:29 PM | Computer Name = Linda-desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/13/2011 10:58:31 PM | Computer Name = Linda-desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/13/2011 10:58:33 PM | Computer Name = Linda-desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/13/2011 10:58:35 PM | Computer Name = Linda-desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/13/2011 10:58:37 PM | Computer Name = Linda-desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/13/2011 10:58:38 PM | Computer Name = Linda-desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 6/1/2014 12:12:53 PM | Computer Name = Linda-desktop | Source = DCOM | ID = 10016
Description =
< End of report >
#9
Posted 02 June 2014 - 09:47 AM
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
HijackThis 2.0.2
Java 7 Update 55
Adobe Flash Player 13.0.0.214
Adobe Reader 10.1.10 Adobe Reader out of Date!
Google Chrome 34.0.1847.137
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
#10
Posted 02 June 2014 - 09:49 AM
finally got checkup to run and sent results in previous reply
Register to Remove
#11
Posted 02 June 2014 - 09:55 AM
Well done getting that to work.
The other log you sent was OTL.txt. I need aswMBR.txt.
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#12
Posted 02 June 2014 - 10:03 AM
I just got a blue screen and buzzing noises and a STOP warning - saying computer problems detected - then my computer shut down and restarted
#13
Posted 02 June 2014 - 10:05 AM
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-02 10:15:40
-----------------------------
10:15:40.641 OS Version: Windows x64 6.1.7601 Service Pack 1
10:15:40.641 Number of processors: 2 586 0x203
10:15:40.641 ComputerName: LINDA-DESKTOP UserName: Linda
10:15:42.613 Initialize success
10:15:46.117 AVAST engine defs: 14060200
10:18:09.970 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
10:18:09.970 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
10:18:10.094 Disk 0 MBR read successfully
10:18:10.110 Disk 0 MBR scan
10:18:10.110 Disk 0 unknown MBR code
10:18:10.110 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462606 MB offset 63
10:18:10.157 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14331 MB offset 947417310
10:18:10.204 Disk 0 scanning C:\Windows\system32\drivers
10:18:23.651 Service scanning
10:18:44.515 Modules scanning
10:18:44.515 Disk 0 trace - called modules:
10:18:44.531
10:18:46.887 AVAST engine scan C:\Windows
10:18:55.950 AVAST engine scan C:\Windows\system32
10:24:14.494 AVAST engine scan C:\Windows\system32\drivers
10:24:48.080 AVAST engine scan C:\Users\Linda
10:26:31.586 Disk 0 MBR has been saved successfully to "C:\Users\Linda\Desktop\MBR.dat"
10:26:31.597 The log file has been saved successfully to "C:\Users\Linda\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-02 10:15:40
-----------------------------
10:15:40.641 OS Version: Windows x64 6.1.7601 Service Pack 1
10:15:40.641 Number of processors: 2 586 0x203
10:15:40.641 ComputerName: LINDA-DESKTOP UserName: Linda
10:15:42.613 Initialize success
10:15:46.117 AVAST engine defs: 14060200
10:18:09.970 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
10:18:09.970 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
10:18:10.094 Disk 0 MBR read successfully
10:18:10.110 Disk 0 MBR scan
10:18:10.110 Disk 0 unknown MBR code
10:18:10.110 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462606 MB offset 63
10:18:10.157 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14331 MB offset 947417310
10:18:10.204 Disk 0 scanning C:\Windows\system32\drivers
10:18:23.651 Service scanning
10:18:44.515 Modules scanning
10:18:44.515 Disk 0 trace - called modules:
10:18:44.531
10:18:46.887 AVAST engine scan C:\Windows
10:18:55.950 AVAST engine scan C:\Windows\system32
10:24:14.494 AVAST engine scan C:\Windows\system32\drivers
10:24:48.080 AVAST engine scan C:\Users\Linda
10:26:31.586 Disk 0 MBR has been saved successfully to "C:\Users\Linda\Desktop\MBR.dat"
10:26:31.597 The log file has been saved successfully to "C:\Users\Linda\Desktop\aswMBR.txt"
10:34:54.443 Disk 0 MBR has been saved successfully to "C:\Users\Linda\Desktop\MBR.dat"
10:34:54.450 The log file has been saved successfully to "C:\Users\Linda\Desktop\aswMBR.txt"
#14
Posted 02 June 2014 - 01:37 PM
Run OTL
- double click on the icon to run it.
- copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services :OTL IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {9360262E-D7C8-48A8-A9BA-8D7EB5ADD981} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{849D5AB5-A2C5-4305-8DD0-39561C60A85E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9360262E-D7C8-48A8-A9BA-8D7EB5ADD981}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF IE - HKLM\..\SearchScopes\{849D5AB5-A2C5-4305-8DD0-39561C60A85E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKU\S-1-5-21-2137610184-1958078488-3510251021-1000\..\SearchScopes,DefaultScope = {53EC1C0D-C715-4B76-BD57-8F257CF15924} IE - HKU\S-1-5-21-2137610184-1958078488-3510251021-1000\..\SearchScopes\{53EC1C0D-C715-4B76-BD57-8F257CF15924}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 IE - HKU\S-1-5-21-2137610184-1958078488-3510251021-1000\..\SearchScopes\{9360262E-D7C8-48A8-A9BA-8D7EB5ADD981}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=HPDTDF IE - HKU\S-1-5-21-2137610184-1958078488-3510251021-1000\..\SearchScopes\{B78AE30B-B90A-457B-BD12-33A4760B9BC5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found O4 - HKLM..\Run: [] File not found O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: CabBuilder http://www.imgag.com/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.) [2013/09/23 12:55:32 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [Reboot]
- click the Run Fix button at the top
- let the program run unhindered, reboot when it is done
- please post the OTL fix log and new OTL log.
Logs to include in the next post:
OTL fix log
New OTL log
Can you tell me how your computer is running and what remaining problems are.
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#15
Posted 02 June 2014 - 03:27 PM
did OTL but my user sign on disappeared, leaving only the other administrator; I couldn't get my user back and lost everything.
I then restored system back to yesterday before otl was installed. got my user ID back and got
error oxc0000022
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users