
Solved Vista Laptop Problem Like Brother's Compaq Desktop

Discussion in 'Malware and Virus Removal Archive' started by tvjohns, 2010/09/23.

  1. 2010/10/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need Extras.txt
     
  2. 2010/10/06
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    Extras Log Part 1

    OTL Extras logfile created on: 10/5/2010 4:27:42 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Timothy\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18828)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.29 Gb Total Space | 59.36 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
    Drive D: | 9.76 Gb Total Space | 3.29 Gb Free Space | 33.74% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 232.88 Gb Total Space | 11.74 Gb Free Space | 5.04% Space Free | Partition Type: NTFS
    Drive G: | 1.87 Gb Total Space | 1.61 Gb Free Space | 85.99% Space Free | Partition Type: FAT
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TIMOTHY-PC
    Current User Name: Timothy
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3777651122-2117734261-3338017706-1000]
    "EnableNotificationsRef" = 3
    "EnableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3777651122-2117734261-3338017706-500]
    "EnableNotificationsRef" = 2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3DF2CD1F-53E6-46DF-A88F-27D97DE77049}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0350E846-6F58-4CDA-8ECC-C895DAC6DA8F}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{05BB904D-4EE6-43E3-BFC1-44740108825A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{1617A5A2-041B-471D-9D87-1D67E3188311}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{1CD06BDF-95C2-455D-AC30-C8C2528FDDCF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{2C0835E6-0ED5-46B4-A73D-8E550678AFC1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{2E6A399B-A3F3-4F8D-945C-4CE0CCB7789A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{4638499C-B9DE-4BA3-8075-463700B7C9C5}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{508F726D-8A2B-44DC-B07C-41007FBC2D2D}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
    "{5AA764D0-4C4E-4B3D-9938-F3A10CB71357}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{6529CB61-93BA-4CF3-BC5F-009734792653}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{6A95939C-4F0D-46C8-8DE8-4D975AE6368D}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkfax.exe |
    "{7E4A3CC5-833E-40C4-A205-860A10DB2F19}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{8F4A4547-B6E0-42D7-9B86-96EFCC703A23}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
    "{A787B4DB-BDD5-4F38-8B8D-89647CD3EB77}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{A873D863-2315-431A-B473-EFF6E6DF7EEE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
    "{ABAC2DD4-E5B7-4E70-B09B-1EE0C0C0F7BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{AF9C51E5-31A4-46D0-A3EB-0F21AB8E65D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{B1793B72-56CE-445F-86E8-83B099413CA3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{C02B3245-3360-4CC2-97BC-5404D12C4808}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{C6CB5C31-9123-4F29-B477-0041F4714769}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
    "{DE32A21C-F9F1-4BCE-AF8C-7C4322E9794C}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{DEEC1409-18EC-47B9-8D58-AC5D72A3B7BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{E120BA6F-A176-4AAC-B7B9-EFEF07D0B286}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{F4E72491-AF1A-4AF4-83E3-6E702BBC0C76}" = dir=in | app=e:\setup\hpznui01.exe |
    "{F5DC5189-2680-4392-AA45-1B00DBFA86D5}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkfax.exe |
    "{FA1A15A4-555F-4171-BFB7-B5360D7B62C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
     
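The Shell Spawning section in the log above lists the registry commands Windows runs when a file of a given class is opened, and the handlers that launch executables directly (exefile, batfile, comfile, piffile, scrfile and so on) are the ones worth confirming against their defaults. The checker below is an added example, not part of this thread or of OTL itself: it parses a constructed section written in OTL's Extras format (the piffile line is deliberately altered so there is something to report) and flags every expected handler that is missing, errored, or not at its Windows default.

```python
import re

# Constructed sample modelled on the OTL Extras "Shell Spawning" section
# above (not copied from the log): the piffile line is altered so that the
# check below has a deviation to report.
SAMPLE = """\
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
hlpfile [open] -- %SystemRoot%\\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "C:\\Users\\Public\\loader.exe" "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S

========== Security Center Settings ==========
"""

# Windows defaults for the handlers that hand control straight to the file.
# Any other value means something sits between a double-click and the program.
EXPECTED = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
ENTRY_RE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")
COMPANY_RE = re.compile(r"\s+\([^()]*\)$")   # trailing "(Microsoft Corporation)"


def parse_shell_spawning(text):
    """Map (class, verb) -> command string for the Shell Spawning section only."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            in_section = sec.group("name") == "Shell Spawning"
            continue
        if not in_section or not line or line.startswith("["):
            continue                      # blank line or registry-key header
        m = ENTRY_RE.match(line)
        if m:
            cmd = COMPANY_RE.sub("", m.group("cmd"))
            entries[(m.group("cls"), m.group("verb"))] = cmd
    return entries


def check_shell_spawning(entries):
    """Return {(class, verb): (status, command)} for every expected handler.

    status is "ok", "missing" (handler absent, or OTL reported a registry
    error for it) or "nondefault" (a command other than the Windows default).
    """
    report = {}
    for key, default in EXPECTED.items():
        cmd = entries.get(key)
        if cmd is None or cmd.startswith("Reg Error"):
            report[key] = ("missing", cmd)
        elif cmd == default:
            report[key] = ("ok", cmd)
        else:
            report[key] = ("nondefault", cmd)
    return report


def findings(text):
    """Only the handlers that need a human look."""
    report = check_shell_spawning(parse_shell_spawning(text))
    return {k: v for k, v in report.items() if v[0] != "ok"}


if __name__ == "__main__":
    for (cls, verb), (status, cmd) in sorted(findings(SAMPLE).items()):
        print(f"{status:10} {cls} [{verb}] -> {cmd}")
```

Run against a real Extras.txt by passing its contents to findings(); the HKCU File Associations block in the same log is the other place such overrides show up and can be checked the same way.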


  4. 2010/10/06
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    Extras Log Part 2


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0002E558-0ECD-A936-10A5-1B729DA43556}" = CCC Help Swedish
    "{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{09DB429C-A7FD-A497-AB63-474312DA319A}" = CCC Help Hungarian
    "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
    "{0EB2E325-0E93-E290-0050-2C7DD347F1C8}" = Catalyst Control Center Localization Swedish
    "{0F3841EE-E95D-A803-BEAD-BCEF7599E9E4}" = Catalyst Control Center Localization Russian
    "{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
    "{1949C64B-A7B5-DEBF-77E2-1BDB7F2680AF}" = CCC Help Turkish
    "{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22B2E56B-3890-BE26-3A74-B7826095AEF4}" = Catalyst Control Center Localization Polish
    "{25E7798D-2B75-10A0-EBDD-6C190984F63E}" = Catalyst Control Center Localization French
    "{27F0AAD2-0C7D-7C60-7B2B-03591B325373}" = Catalyst Control Center Localization Italian
    "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{322206DC-9408-F212-D620-A8FB2036B2FB}" = CCC Help German
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{360DF404-E2A5-C0FC-8408-F2205F8F93F0}" = Catalyst Control Center Localization Turkish
    "{3935969C-E8AC-0352-CE71-1ABDA33934ED}" = Catalyst Control Center Localization Hungarian
    "{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
    "{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{46CE3A3E-ADE9-0C32-88DF-9F591BC51418}" = Catalyst Control Center Localization Spanish
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4873CC58-69D8-490D-9E5C-001DC2EE2000}" = WordPerfect Lightning
    "{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
    "{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
    "{4873CC58-69D8-490D-9E5C-001DC2EE2100}" = WordPerfect Lightning - EN
    "{495BA862-D59D-4676-C759-57269564E61E}" = CCC Help Japanese
    "{49879A92-C58E-1519-0173-33DBC905264B}" = Catalyst Control Center Localization Danish
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4DE0B33E-019A-CDBA-C2D1-C66F8598EF15}" = ccc-core-static
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
    "{51C16BD0-9FFD-C784-A00B-91033B395CCD}" = CCC Help Chinese Standard
    "{547962FC-1693-51BD-AE67-4A5624F248D7}" = Catalyst Control Center Localization Portuguese
    "{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
    "{5A30E7D9-5931-2E3B-24A5-1C61A8A32BEA}" = CCC Help Chinese Traditional
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{63AD467C-DD3C-6F83-BEAA-3AECD0A9ADE1}" = CCC Help Spanish
    "{64FB04DB-0D65-379A-25AF-2364DD4CC808}" = CCC Help Thai
    "{658F96CA-2453-4BF0-092E-940DA7B17771}" = Catalyst Control Center Localization Korean
    "{65A3266C-E2B2-0516-6BD9-9646848582B6}" = CCC Help Finnish
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6D8E9408-AD5B-949A-BDAB-5E4CFB87F2D7}" = ccc-utility
    "{6E7913EF-6D6F-CC09-F938-F90529786DD9}" = Catalyst Control Center Localization Chinese Traditional
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7452472E-FC85-4AEB-8B67-24C63ECCF5C8}" = LeapFrog Leapster2 Plugin
    "{759601D2-35EC-F152-9F50-83D340AB103F}" = CCC Help Italian
    "{778C1AE0-219C-9B6F-CA78-DA141B923863}" = Catalyst Control Center Graphics Full New
    "{78AC18A2-12A9-4102-B0B7-C7558182D212}" = C6300
    "{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C4AB8A-532A-ED1A-E09A-F4AD42116482}" = Catalyst Control Center Graphics Full Existing
    "{84F1DAC1-E1BF-4A21-9D2B-DD3E12686A2C}" = Read in Microsoft Reader Add-in for Microsoft Word
    "{878C05F8-97C4-0F5E-0C3F-0E61E4B3D217}" = CCC Help Greek
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{88D18C5E-5113-4A1E-8EC9-2B7E24688A14}" = PS_AIO_04_C6300_Software_Min
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A9B0682-04CE-DBF8-BC78-CB22F05D8C66}" = CCC Help French
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{938DB600-40A0-B699-5B42-DC9D61AB7BB4}" = CCC Help Korean
    "{9426CB58-993A-79FF-55F3-98848521EBC5}" = Catalyst Control Center Localization Finnish
    "{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
    "{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A0971531-1B42-06E0-8ECC-8EE08C0459D0}" = CCC Help Norwegian
    "{A133AB8B-A1F6-78E8-E328-45A76A0468AE}" = Catalyst Control Center Localization Thai
    "{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
    "{A3A60756-C33D-27DB-B02E-76429268C190}" = Catalyst Control Center Localization Greek
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A4E38E54-26D5-90C6-B90B-466F152018A7}" = CCC Help Portuguese
    "{A70B3041-50D7-005A-4FF3-36E93F6AB694}" = Catalyst Control Center Core Implementation
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AF6D6F8A-CAA7-8222-14BC-0B22DDFADF1E}" = Catalyst Control Center Localization Chinese Standard
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}" = HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
    "{BAF474E1-48BA-398A-07BE-ABB3C990E78B}" = Catalyst Control Center Localization Czech
    "{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
    "{BDC83FD3-1A0F-46FB-8852-5E9A94294143}" = Serif PagePlus 8.0 PDF Edition
    "{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
    "{C553BA7A-425C-2714-4501-6B6CB5A6B827}" = CCC Help Czech
    "{CAC37C33-B7E6-46F2-6417-CE35D9A67139}" = Skins
    "{CBFF2367-B391-5C21-B52B-AA3865E4EC91}" = Catalyst Control Center Localization Japanese
    "{CD97508D-5478-A687-9DBE-7CB9BF9D470B}" = CCC Help Russian
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE4E9BCD-0F71-581D-07B0-E1BF99D0369D}" = CCC Help English
    "{CE706D4B-0F0D-E88D-6D3F-511E1F95EF98}" = Catalyst Control Center Graphics Light
    "{D1B6D42E-5616-BD1B-5819-EC933F93FBB7}" = CCC Help Polish
    "{D4BD3E17-1948-3F83-A0EC-1672C0A7A7F7}" = Catalyst Control Center Localization Norwegian
    "{D7670CA7-6936-4578-ADD1-0FE2EE2CCD05}" = RLDS Scripture and Church History Set
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529041}" = WordPerfect Office X4 - IPM EN
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
    "{DF19E545-6D54-1C97-A2CB-E9999C60AC93}" = CCC Help Dutch
    "{E425773B-79C4-598E-E898-A8162D9A262A}" = Catalyst Control Center Localization Dutch
    "{EB4000D9-3766-971E-E337-89706683D7D2}" = CCC Help Danish
    "{EC481AEA-EEA3-1AD7-76F3-4A97E875CC3E}" = Catalyst Control Center Localization German
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
    "{F691A1F5-2789-46CE-A45A-57763198D384}" = FxVisor
    "{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{FF515342-20EE-3F8B-D1FA-DD605BE90FAF}" = Catalyst Control Center Graphics Previews Vista
    "7-Zip" = 7-Zip 4.57
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "ATI Uninstaller" = ATI Uninstaller
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner (remove only)
    "CodeStuff Starter" = CodeStuff Starter
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "EPSON Printer and Utilities" = EPSON Printer Software
    "FileZilla Client" = FileZilla Client 3.2.6.1
    "Gateway Game Console" = Gateway Game Console
    "Gear Flash Downloader_is1" = Gear Flash Downloader 1.0
    "Google Desktop" = Google Desktop
    "GPL Ghostscript 8.63" = GPL Ghostscript 8.63
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
    "HPExtendedCapabilities" = HP Customer Participation Program 12.0
    "Icon Restore_is1" = Icon Restore 1.0
    "iFinger 2.0" = iFinger 2.0
    "InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
    "IrfanView" = IrfanView (remove only)
    "KeyNote_is1" = KeyNote 1.6.5
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.3.0 Full
    "Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2006b" = Microsoft Money 2006
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
    "PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
    "PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
    "QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
    "Rainlendar2" = Rainlendar2 (remove only)
    "Recuva" = Recuva (remove only)
    "RegEditX" = RegEditX
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "ShadowExplorer_is1" = ShadowExplorer 0.4
    "Shop for HP Supplies" = Shop for HP Supplies
    "Stickies 6.0c" = Stickies 6.0c
    "SumatraPDF" = SumatraPDF
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TaxACT 2008" = TaxACT 2008
    "TaxACT 2008 Missouri" = TaxACT 2008 Missouri
    "TaxACT 2009" = TaxACT 2009
    "TaxACT 2009 Missouri" = TaxACT 2009 Missouri
    "The Restored Scriptures_is1" = The Restored Scriptures
    "UnInstall Icon Restore_is1" = UnInstall Icon Restore 1.0
    "UPCShell" = LeapFrog Connect
    "Winamp" = Winamp (remove only)
    "Works2002Setup" = Microsoft Works 2002 Setup Launcher
    "WT017706" = Blackhawk Striker 2
    "WT017716" = Blasterball 3
    "WT017776" = Diner Dash
    "WT017796" = FATE
    "WT017906" = Penguins!
    "WT017926" = Polar Bowler
    "WT017936" = Polar Golfer
    "WT017976" = SCRABBLE
    "WT018016" = Tradewinds

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/22/2010 5:02:29 PM | Computer Name = Timothy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 9/22/2010 6:11:17 PM | Computer Name = Timothy-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 9/22/2010 6:17:08 PM | Computer Name = Timothy-PC | Source = Perflib | ID = 1008
    Description =

    Error - 9/22/2010 6:17:09 PM | Computer Name = Timothy-PC | Source = PerfNet | ID = 2004
    Description =

    Error - 9/22/2010 6:17:09 PM | Computer Name = Timothy-PC | Source = PerfNet | ID = 2002
    Description =

    Error - 9/22/2010 9:09:35 PM | Computer Name = Timothy-PC | Source = PerfNet | ID = 2004
    Description =

    Error - 9/22/2010 9:09:35 PM | Computer Name = Timothy-PC | Source = PerfNet | ID = 2002
    Description =

    Error - 9/22/2010 11:51:22 PM | Computer Name = Timothy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 9/22/2010 11:53:14 PM | Computer Name = Timothy-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 9/23/2010 3:25:29 PM | Computer Name = Timothy-PC | Source = Winlogon | ID = 4102
    Description = Windows license is invalid. Error 0xC004F012. Policy Value 0x00000000.

    [ Media Center Events ]
    Error - 9/13/2007 3:08:01 PM | Computer Name = Timothy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 11/10/2007 12:58:39 AM | Computer Name = Timothy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 12/9/2007 2:42:49 PM | Computer Name = Timothy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 12/19/2007 1:08:01 AM | Computer Name = Timothy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/25/2008 7:30:40 PM | Computer Name = Timothy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/3/2008 1:06:37 AM | Computer Name = Timothy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/8/2008 12:30:01 AM | Computer Name = Timothy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 8/28/2008 11:16:05 AM | Computer Name = Timothy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/30/2009 12:14:55 AM | Computer Name = Timothy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/9/2009 12:53:04 PM | Computer Name = Timothy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 10/2/2010 8:34:30 AM | Computer Name = Timothy-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 10/2/2010 9:49:18 AM | Computer Name = Timothy-PC | Source = DCOM | ID = 10010
    Description =

    Error - 10/2/2010 5:22:48 PM | Computer Name = Timothy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 10/2/2010 5:23:42 PM | Computer Name = Timothy-PC | Source = Print | ID = 72
    Description = Windows could not initialize printer Lexmark 5300 Series (Copy 2)
    because the print processor Lexmark 5300 Series Print Processor could not be found.
    Please obtain and install a new version of the driver from the manufacturer (if
    available), or choose an alternate driver that works with this print device.

    Error - 10/4/2010 11:26:01 PM | Computer Name = Timothy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 10/4/2010 11:26:49 PM | Computer Name = Timothy-PC | Source = Print | ID = 72
    Description = Windows could not initialize printer Lexmark 5300 Series (Copy 2)
    because the print processor Lexmark 5300 Series Print Processor could not be found.
    Please obtain and install a new version of the driver from the manufacturer (if
    available), or choose an alternate driver that works with this print device.

    Error - 10/4/2010 11:34:18 PM | Computer Name = Timothy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 10/4/2010 11:35:01 PM | Computer Name = Timothy-PC | Source = Print | ID = 72
    Description = Windows could not initialize printer Lexmark 5300 Series (Copy 2)
    because the print processor Lexmark 5300 Series Print Processor could not be found.
    Please obtain and install a new version of the driver from the manufacturer (if
    available), or choose an alternate driver that works with this print device.

    Error - 10/4/2010 11:45:47 PM | Computer Name = Timothy-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/4/2010 11:54:08 PM | Computer Name = Timothy-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  5. 2010/10/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/09/20 12:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
      [2010/09/20 12:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
      [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [2010/02/05 18:17:49 | 000,000,008 | RHS- | C] () -- C:\ProgramData\BEBBD2573B.sys
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
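    The O3 and O28 lines in the fix above are OTL's way of saying that Internet Explorer's Toolbar\WebBrowser list and Explorer's ShellExecuteHooks list still reference CLSIDs that no longer exist under HKCR\CLSID, or whose registered DLL is gone (leftovers of an uninstalled or already-removed add-on). The script below is an added, read-only example for checking the same thing on a Vista/Win7-era box; it is not from the thread, not part of OTL, and it deletes nothing. The function name Get-ClsidStatus and the two location labels are my own; only the registry paths are the ones quoted in the fix log.

```powershell
# Added example (not from the thread or from OTL): list every GUID-named value under
# IE's Toolbar\WebBrowser key (OTL O3) and Explorer's ShellExecuteHooks key (OTL O28)
# and report whether its CLSID is registered and its InprocServer32 DLL exists.
# Read-only: nothing is removed. Run from an elevated PowerShell on the machine.

$Locations = @(
    @{ Name = 'O3  HKCU Toolbar\WebBrowser'
       Path = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser' },
    @{ Name = 'O28 HKLM ShellExecuteHooks'
       Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks' }
)

# Value names in both keys are CLSIDs of the form {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}.
$GuidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Get-ClsidStatus {
    # Hypothetical helper name. Mirrors OTL's wording: "No CLSID value found" when the
    # CLSID key is missing, "File not found" when the registered DLL does not exist.
    param([Parameter(Mandatory)][string]$Clsid)

    $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    if (-not (Test-Path -LiteralPath $clsidKey)) {
        return 'No CLSID value found'
    }

    $server = Get-ItemProperty -LiteralPath "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue
    if (-not $server -or -not $server.'(default)') {
        return 'CLSID registered, but no InprocServer32 default value'
    }

    # The default value may contain %SystemRoot%-style variables and surrounding quotes.
    $dll = [Environment]::ExpandEnvironmentVariables($server.'(default)').Trim('"')
    if (Test-Path -LiteralPath $dll) {
        return "OK: $dll"
    }
    return "File not found: $dll"
}

$Results = foreach ($loc in $Locations) {
    if (-not (Test-Path -LiteralPath $loc.Path)) { continue }   # key absent: nothing to audit
    $key = Get-Item -LiteralPath $loc.Path
    foreach ($name in $key.GetValueNames()) {
        if ($name -notmatch $GuidPattern) { continue }          # skip non-CLSID values (e.g. ITBarLayout)
        [pscustomobject]@{
            Location = $loc.Name
            CLSID    = $name
            Status   = Get-ClsidStatus -Clsid $name
        }
    }
}

# Orphans are the rows whose Status does not start with "OK:". They are the same entries
# an OTL O3/O28 line would flag; review them before deciding what, if anything, to remove.
$Results | Sort-Object Location, CLSID | Format-Table -AutoSize
```

    On a clean machine the table is usually empty or every row reads "OK: <path>"; a row reading "No CLSID value found" is a dangling reference of exactly the kind the fix above targets, and one reading "File not found" is a registered add-on whose DLL has been deleted out from under it. Either is harmless by itself, but it tells you an uninstaller or a previous cleanup did not finish its job.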
  6. 2010/10/07
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    OTL "Custom Scans/Fixes" LOG:

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    Error: Unable to interpret <---------> in the current context!
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10CECF4F-A96E-4803-8AC2-F565FB29FF47} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10CECF4F-A96E-4803-8AC2-F565FB29FF47}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbar\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Folder C:\Program Files\AVG\ not found.
    Folder C:\ProgramData\avg9\ not found.
    File/Folder C:\ProgramData\*.tmp not found.
    File/Folder C:\ProgramData\*.tmp not found.
    File/Folder C:\Windows\*.tmp not found.
    File C:\ProgramData\BEBBD2573B.sys not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Timothy
    ->Temp folder emptied: 16086395 bytes
    ->Temporary Internet Files folder emptied: 6813127 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 236374715 bytes
    ->Flash cache emptied: 898 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 111202 bytes
    RecycleBin emptied: 1730936 bytes

    Total Files Cleaned = 249.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Timothy
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 10072010_234810

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  7. 2010/10/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
    Go on...
     
  8. 2010/10/08
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    Checkup.txt

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 1 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 8
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.0.19) Firefox Out of Date!
    Mozilla Thunderbird (3.1.4)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  9. 2010/10/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We'll need to install SP2, when Eset scan comes out clean!

    Update your Firefox.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page (screenshot not preserved), make sure you have both boxes UN-checked AND (important!) click on the Decline button.
     
  10. 2010/10/08
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    ESETScan Log:

    C:\DOWNLOADS\PCWORLD DOWNLOADS\2008.10.19 PC World Downloads\HackCleanerV. 2.1\HCSetup.exe probably a variant of Win32/Genetik trojan
    C:\SAVE\# UTILITIES\CD-DVD BURNERS\INFRA RECORDER\InfraRecorder 0.44.1.exe a variant of Win32/Adware.MarketScore.A application
    C:\SAVE\0 0 0 PCWORLD STUFF\2010-0325\BetterPaste.exe.zip probably a variant of Win32/Agent.LEFDLPD trojan
    C:\SAVE\MOZBACKUPS\Thunderbird 2.0.0.14\Thunderbird 2.0.0.14 (en-US) - 2008-07-14.pcv Win32/Bagle.BI worm
    C:\SAVE\Portable Games\Stressed_Out.exe probably a variant of Win32/Agent.GZODBMX trojan
    C:\Users\Timothy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\2cc4dd90-52535d6d a variant of Java/TrojanDownloader.Agent.NAC trojan
    C:\Users\Timothy\Documents\Downloads\The Vice Busting Diet Plans Weight Loss Made Easy.exe Win32/TrojanDownloader.VB.OFT trojan
    C:\Users\Timothy\Saved Games\Shoot holes in Windows.exe probably a variant of Win32/Agent.GZODBMX trojan
    C:\Users\Timothy\Saved Games\Stressed_Out.exe probably a variant of Win32/Agent.GZODBMX trojan
     
  11. 2010/10/08
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    Update Adobe Reader? Why this? Does my ver. 8 show as infected? Or just not secure enough against malware?

    Don't mind uninstalling Adobe reader as I seldom use it, although I probably would want newer version just in case as I do use many PDF files. You recommend a good version or just get whatever is newest?

    As for foxitreader, I've never cared much for it, though I haven't seen latest version. I do however use another substitute for Adobe: PDF-XChange Viewer, which has some very flexible edit features I use quite frequently.

    Should there be any problem with PDF-XChange Viewer?
     
  12. 2010/10/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't read my reply carefully enough.
    I provided a link to the newest Adobe Reader download.
    Adobe Reader has to be kept up to date, due to its security issues.
    PDF-XChange Viewer will be fine as well.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\DOWNLOADS\PCWORLD DOWNLOADS\2008.10.19 PC World Downloads\HackCleanerV. 2.1\HCSetup.exe 
      C:\SAVE\# UTILITIES\CD-DVD BURNERS\INFRA RECORDER\InfraRecorder 0.44.1.exe 
      C:\SAVE\0 0 0 PCWORLD STUFF\2010-0325\BetterPaste.exe.zip 
      C:\SAVE\MOZBACKUPS\Thunderbird 2.0.0.14\Thunderbird 2.0.0.14 (en-US) - 2008-07-14.pcv 
      C:\SAVE\Portable Games\Stressed_Out.exe 
      C:\Users\Timothy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\2cc4dd90-52535d6d 
      C:\Users\Timothy\Documents\Downloads\The Vice Busting Diet Plans Weight Loss Made Easy.exe 
      C:\Users\Timothy\Saved Games\Shoot holes in Windows.exe 
      C:\Users\Timothy\Saved Games\Stressed_Out.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 2)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how is your computer doing.
     
  13. 2010/10/09
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    "We'll create fresh, clean restore point, using following OTL script..." Here's the OTL log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Timothy
    ->Temp folder emptied: 37682 bytes
    ->Temporary Internet Files folder emptied: 5111058 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 75477523 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1268083 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 78.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Timothy
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.14.1 log created on 10092010_230630

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  14. 2010/10/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on....
     
  15. 2010/10/10
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    Still going: Have run OTL with Cleanup button; installed WOT; installed Secunia PSI; plan to run MalwareBytes and TFC per your recommendations, etc.

    Thanks again for all your help and patience! :)
     
  16. 2010/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well done :)

    Good luck and stay safe :)
     
