Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer Crashes Intermittently

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer Crashes Intermittently

Unread postby grimwraith1 » July 9th, 2012, 10:29 pm

My computer runs fine, for a time. Then it will unexpectedly and randomly blue screen, perform a crash dump, and then restart. It's and E-Machine with Windows Vista 32-bit. Please help us resolve this issue, we are not sure what causes it, we do not know how to fix it. If any additional actions or information are required I will be glad to provide or perform.
PLEASE HELP


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Janice at 22:23:37 on 2012-07-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.894.104 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\lxcgcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Users\Janice\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:49859
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Facebook Update] "c:\users\janice\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [D-Link Wireless G WDA-1320] c:\program files\d-link\wireless g wda-1320\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 74.128.19.102 74.128.17.114
TCP: Interfaces\{887D6F20-DA9C-4FC8-AF45-DFE9F1322BE7} : DhcpNameServer = 74.128.19.102 74.128.17.114
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\janice\appdata\roaming\mozilla\firefox\profiles\ynluekkg.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49859
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\janice\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {E4CE94FD-F1B4-426F-B753-8B0B5969295B} - c:\users\janice\appdata\local\{E4CE94FD-F1B4-426F-B753-8B0B5969295B}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ASPCA App By We-Care.com: wecarereminder@bryan - %profile%\extensions\wecarereminder@bryan
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-27 36000]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2007-10-23 20352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-12-9 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-27 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-27 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-27 83392]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-30 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3ABv.sys [2007-10-23 738304]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\wireless g wda-1320\jswutilvst\jswpsapi.exe [2007-10-23 942080]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2006-12-29 247808]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; [x]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-29 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-29 136176]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
.
=============== Created Last 30 ================
.
2012-07-09 15:45:08 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{434c88d5-8ab8-4712-b015-23417c9dcdaa}\mpengine.dll
2012-07-08 06:41:23 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-03 21:20:47 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e87c9a57-e59f-401a-9dba-d346118e7860}\gapaengine.dll
2012-07-01 23:14:03 -------- d-----w- c:\users\janice\appdata\local\Facebook
2012-06-21 15:41:14 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:40:50 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:40:33 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:40:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 17:57:08 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 17:57:07 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:57:04 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 17:57:03 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 17:57:03 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 16:59:41 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-06-12 16:49:56 -------- d-----w- c:\program files\Registry Easy
.
==================== Find3M ====================
.
2012-05-18 10:59:48 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 22:25:49.45 ===============




DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/11/2007 9:47:22 AM
System Uptime: 7/9/2012 10:12:45 PM (0 hours ago)
.
Motherboard: ELITEGROUP | | MCP61PM-AM
Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket AM2 | 2400/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 73.657 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.553 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7 Wonders II (remove only)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Adobe Shockwave Player 11
Agere Systems PCI-SV92PP Soft Modem
ANIWZCS2 Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v5.0.5.1
Avira Free Antivirus
BigFix
Bonjour
BufferChm
D1600
D3DX10
Digital Media Reader
DivX Content Uploader
DivX Converter
DJ_SF_06_D1600_SW_Min
eMachines Connect
eMachines Game Console
eMachines Recovery Center Installer
Eusing Free Registry Cleaner
Facebook Video Calling 1.2.0.159
Family Feud 2
Galaxy of Games 201
Google Chrome
Google Desktop
Google Update Helper
Google Video Player
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet D1600 Printer Driver 14.0 Rel. 6
HPPhotoGadget
hpWLPGInstaller
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
L&H TTS3000 British English
LSI PCI-SV92PP Soft Modem
Malwarebytes' Anti-Malware version 1.51.2.1300
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Money 2006
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox (3.6.18)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OLYMPUS CAMEDIA Master 4.0
OpenMG Secure Module 4.7.00
Paint.NET v3.08
Penguins!
Polar Bowler
Polar Golfer
Power2Go 5.0
QuickTime
Real Alternative 1.52
Realtek High Definition Audio Driver
Registry Easy v5.6
SCRABBLE
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
SUPERAntiSpyware Free Edition
System Requirements Lab
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veetle TV
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Wireless G WDA-1320
XviD & MP3 Codec Pack (remove only)
XviD MPEG-4 Video Codec
Yahoo! Messenger
.
==== End Of File ===========================
grimwraith1
Active Member
 
Posts: 12
Joined: July 9th, 2012, 9:45 pm
Advertisement
Register to Remove

Re: Computer Crashes Intermittently

Unread postby askey127 » July 10th, 2012, 8:09 am

Hi grimwraith1,
When this happens, it is most frequently caused by one of these:
  • intermittent failure of the graphics card
  • Defective hard drive with one or more bad sectors
  • Defective RAM card
  • Intermittent failure in Power Supply
Less Likely:
  • Intermittent failure of motherboard
  • A fan in the box that is stopping or slowing down
  • blocked Air vent for one of the fans.
Let's check for the Hard drive first, then see the Event log from OTL's Extras.txt file for clues.
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
Code: Select all
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer Crashes Intermittently

Unread postby grimwraith1 » July 10th, 2012, 5:18 pm

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1657 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
27498 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

145984182 KB total disk space.
69281616 KB in 153382 files.
90164 KB in 27499 indexes.
0 KB in bad sectors.
368554 KB in use by the system.
65536 KB occupied by the log file.
76243848 KB available on disk.

4096 bytes in each allocation unit.
36496045 total allocation units on disk.
19060962 allocation units available on disk.
Unable to obtain a handle to the event log.
grimwraith1
Active Member
 
Posts: 12
Joined: July 9th, 2012, 9:45 pm

Re: Computer Crashes Intermittently

Unread postby grimwraith1 » July 11th, 2012, 6:48 am

otl wont open/save logs. an error keeps occurring.
grimwraith1
Active Member
 
Posts: 12
Joined: July 9th, 2012, 9:45 pm

Re: Computer Crashes Intermittently

Unread postby askey127 » July 11th, 2012, 8:24 am

grimwraith1,
You have more than one antivirus installed.
That will cause all kinds of trouble.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Avira Free Antivirus
Adobe Reader 8.3.1
Registry Easy v5.6
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Under Java Platform, Standard Edition, labeled Java SE 7u5, click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK". If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform Windows x86 offline for 32-bit, and click it.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE to download AdbeRdr1013_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Now see whether you can run the OTL scan and post the two logs, per the previous instructions.
Let me know how it goes.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer Crashes Intermittently

Unread postby grimwraith1 » July 12th, 2012, 10:12 am

It is still notifying me that "list index is out of bounds (21)" it always stops on Application Event Log Record 16684
I have attached a picture of the settings I am using with the program. Safelist was default for all settings. I click "Run Scan" each time the TOP LEFT BLUE BUTTON. Just trying to make sure all settings are correct. Also, uninstalled all listed programs, installed Java and ARX as per instructions and changed preferences, as per instructions.
EDIT: I found OTL.Txt but there is NO Extras.Txt
otl.jpg
You do not have the required permissions to view the files attached to this post.
Last edited by grimwraith1 on July 12th, 2012, 10:21 am, edited 1 time in total.
grimwraith1
Active Member
 
Posts: 12
Joined: July 9th, 2012, 9:45 pm

Re: Computer Crashes Intermittently

Unread postby grimwraith1 » July 12th, 2012, 10:15 am

OTL logfile created on: 7/12/2012 9:57:20 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Janice\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 186.61 Mb Available Physical Memory | 20.88% Memory free
2.00 Gb Paging File | 1.16 Gb Available in Paging File | 58.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 75.38 Gb Free Space | 54.15% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.55 Gb Free Space | 46.33% Space Free | Partition Type: NTFS
Drive E: | 1.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JANICE-PC | User Name: Janice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 17:18:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
PRC - [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/01 08:57:06 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/26 19:24:42 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/08/29 15:16:04 | 001,662,976 | ---- | M] (D-Link) -- C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
PRC - [2007/05/11 20:49:29 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2007/04/29 22:54:44 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcgcoms.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2007/01/18 02:46:56 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/11 06:40:29 | 004,051,456 | ---- | M] () -- C:\Users\Janice\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libglesv2.dll
MOD - [2012/07/11 06:40:29 | 000,100,864 | ---- | M] () -- C:\Users\Janice\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libegl.dll
MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 22:17:27 | 009,255,112 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2007/08/20 17:41:12 | 000,233,472 | ---- | M] () -- C:\Windows\System32\WlanApp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (GoogleDesktopManager-051210-111108)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/12/01 08:57:06 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/26 19:24:42 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/08/02 12:06:10 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtilVst\jswpsapi.exe -- (jswpsapi)
SRV - [2007/05/11 20:49:29 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/04/29 22:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcgcoms.exe -- (lxcg_device)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{434C88D5-8AB8-4712-B015-23417C9DCDAA}\MpKsl98838fb5.sys -- (MpKsl98838fb5)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/01 08:56:58 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/12/01 08:56:58 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/12/09 18:14:43 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/13 16:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/26 03:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 02:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007/07/27 12:06:08 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/06/30 04:10:54 | 000,738,304 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\A3ABv.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/06/20 04:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/12/29 04:49:00 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {13031016-55FD-48D7-B7FB-42FD5E105756}
IE - HKLM\..\SearchScopes\{13031016-55FD-48D7-B7FB-42FD5E105756}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\..\SearchScopes,DefaultScope = {C31896FF-86BC-48C4-99F1-EC64557B8F05}
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\..\SearchScopes\{18C28D72-DF12-4AF1-BEF3-C1D8C50CA61B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE_en
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=xNa95aAK ... smOmKWo?q={searchTerms}
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\..\SearchScopes\{C31896FF-86BC-48C4-99F1-EC64557B8F05}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9MI&pc=BIE9&src=IE-SearchBox
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-995996556-1816073739-136882781-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49859

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E4CE94FD-F1B4-426F-B753-8B0B5969295B}:1.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wecarereminder@bryan:5.0.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49859
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Janice\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/10 21:33:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/12 09:19:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E4CE94FD-F1B4-426F-B753-8B0B5969295B}: C:\Users\Janice\AppData\Local\{E4CE94FD-F1B4-426F-B753-8B0B5969295B} [2010/11/29 21:13:16 | 000,000,000 | ---D | M]

[2010/12/12 21:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\mozilla\Extensions
[2010/07/04 08:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/06/04 04:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/02/01 23:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/03/17 08:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\mozilla\Firefox\Profiles\ynluekkg.default\extensions
[2011/01/02 19:16:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Janice\AppData\Roaming\mozilla\Firefox\Profiles\ynluekkg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/02 19:12:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Janice\AppData\Roaming\mozilla\Firefox\Profiles\ynluekkg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/12/26 12:04:10 | 000,000,000 | ---D | M] (ASPCA App By We-Care.com) -- C:\Users\Janice\AppData\Roaming\mozilla\Firefox\Profiles\ynluekkg.default\extensions\wecarereminder@bryan
[2012/07/11 22:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 16:14:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010/11/29 21:13:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JANICE\APPDATA\LOCAL\{E4CE94FD-F1B4-426F-B753-8B0B5969295B}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Janice\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.12_0\
CHR - Extension: Gmail = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-995996556-1816073739-136882781-1000..\Run: [Facebook Update] C:\Users\Janice\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-995996556-1816073739-136882781-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-995996556-1816073739-136882781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-995996556-1816073739-136882781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-995996556-1816073739-136882781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-995996556-1816073739-136882781-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-995996556-1816073739-136882781-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.19.102 74.128.17.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{887D6F20-DA9C-4FC8-AF45-DFE9F1322BE7}: DhcpNameServer = 74.128.19.102 74.128.17.114
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-995996556-1816073739-136882781-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 05:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1cd8a37d-d0e4-11dc-a795-001bb95aac84}\Shell\Auto\command - "" = upsetup.exe
O33 - MountPoints2\{1cd8a37d-d0e4-11dc-a795-001bb95aac84}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL upsetup.exe
O33 - MountPoints2\{1cd8a380-d0e4-11dc-a795-001bb95aac84}\Shell - "" = AutoRun
O33 - MountPoints2\{1cd8a380-d0e4-11dc-a795-001bb95aac84}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{2391f78b-4151-11dc-b341-001bb95aac84}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{2c6929e4-ce9e-11df-94e5-001bb95aac84}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{2c6929e4-ce9e-11df-94e5-001bb95aac84}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{2c6929e4-ce9e-11df-94e5-001bb95aac84}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{2c6929e4-ce9e-11df-94e5-001bb95aac84}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{2c6929e4-ce9e-11df-94e5-001bb95aac84}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{7125c8be-7108-11e1-af79-001bb95aac84}\Shell - "" = AutoRun
O33 - MountPoints2\{7125c8be-7108-11e1-af79-001bb95aac84}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{7125c8be-7108-11e1-af79-001bb95aac84}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{7125c8be-7108-11e1-af79-001bb95aac84}\Shell\install\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{bb605673-83a0-11de-be40-001bb95aac84}\Shell - "" = AutoRun
O33 - MountPoints2\{bb605673-83a0-11de-be40-001bb95aac84}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{e8b72893-c98b-11de-8644-001bb95aac84}\Shell\Auto\command - "" = J:\upsetup.exe
O33 - MountPoints2\{e8b72893-c98b-11de-8644-001bb95aac84}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\upsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/07/12 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/12 09:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/12 09:13:05 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/12 09:13:05 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/12 09:12:41 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/12 09:12:41 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/11 03:28:27 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 03:13:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/11 03:13:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 03:13:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 03:13:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 03:13:36 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 03:13:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/11 03:13:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/11 00:06:34 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/10 17:18:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/07/01 19:14:03 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Local\Facebook
[2012/06/21 11:41:15 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 11:41:14 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 11:40:50 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/21 11:40:50 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/21 11:40:49 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/21 11:40:33 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 11:40:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/12 12:59:53 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2012/06/12 12:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2012/06/12 12:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/12 10:08:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32192C83-9E33-48DD-BAA9-C9C1AF567DDE}.job
[2012/07/12 10:07:05 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000UA.job
[2012/07/12 09:53:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 09:53:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 09:52:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/12 09:50:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/12 09:20:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/12 09:19:28 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/12 09:12:06 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/12 09:12:05 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/12 09:12:05 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/12 09:12:04 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/12 09:12:03 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/07/11 21:17:02 | 149,679,041 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/11 19:07:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000Core.job
[2012/07/11 16:26:10 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/11 03:49:13 | 000,331,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/10 17:18:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/07/10 17:13:42 | 000,000,081 | ---- | M] () -- C:\Users\Janice\Desktop\testhd.bat
[2012/07/04 10:21:30 | 000,060,495 | ---- | M] () -- C:\Users\Janice\Documents\Federal and Kentucky Court Systems Handout.pdf
[2012/06/22 20:15:43 | 000,057,793 | ---- | M] () -- C:\Users\Janice\Desktop\patti.jpg
[2012/06/22 17:13:09 | 000,060,942 | ---- | M] () -- C:\Users\Janice\Desktop\nolandad.jpg
[2012/06/21 20:26:26 | 000,027,434 | ---- | M] () -- C:\Users\Janice\Desktop\nolan.jpg
[2012/06/14 07:07:43 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 07:07:43 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/13 09:40:21 | 002,047,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/12 12:59:53 | 000,000,862 | ---- | M] () -- C:\Users\Janice\Desktop\Eusing Free Registry Cleaner.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/12 09:19:28 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/12 09:19:27 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/11 19:02:14 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000UA.job
[2012/07/10 17:13:42 | 000,000,081 | ---- | C] () -- C:\Users\Janice\Desktop\testhd.bat
[2012/07/04 10:21:45 | 000,060,495 | ---- | C] () -- C:\Users\Janice\Documents\Federal and Kentucky Court Systems Handout.pdf
[2012/07/01 19:14:06 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000Core.job
[2012/06/22 20:15:58 | 000,057,793 | ---- | C] () -- C:\Users\Janice\Desktop\patti.jpg
[2012/06/22 17:13:26 | 000,060,942 | ---- | C] () -- C:\Users\Janice\Desktop\nolandad.jpg
[2012/06/21 20:26:35 | 000,027,434 | ---- | C] () -- C:\Users\Janice\Desktop\nolan.jpg
[2012/06/12 12:59:53 | 000,000,862 | ---- | C] () -- C:\Users\Janice\Desktop\Eusing Free Registry Cleaner.lnk
[2011/12/08 13:44:09 | 000,158,533 | ---- | C] () -- C:\Windows\hphins33.dat.temp
[2011/06/15 21:02:29 | 000,136,536 | ---- | C] () -- C:\Windows\hphins33.dat
[2011/06/14 07:36:51 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat.temp
[2011/03/09 04:07:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/01/01 21:52:10 | 000,000,272 | ---- | C] () -- C:\ProgramData\~g7FqknQ1CJ3HuMp
[2011/01/01 21:52:10 | 000,000,152 | ---- | C] () -- C:\ProgramData\~g7FqknQ1CJ3HuMpr
[2011/01/01 21:52:02 | 000,000,336 | ---- | C] () -- C:\ProgramData\g7FqknQ1CJ3HuMp
[2011/01/01 21:07:17 | 000,000,144 | ---- | C] () -- C:\ProgramData\~iyWJH0JDr
[2011/01/01 21:07:16 | 000,000,272 | ---- | C] () -- C:\ProgramData\~iyWJH0JD
[2011/01/01 21:07:10 | 000,000,336 | ---- | C] () -- C:\ProgramData\iyWJH0JD
[2011/01/01 19:34:21 | 000,000,272 | ---- | C] () -- C:\ProgramData\~2YVchbMgpOhr
[2011/01/01 19:34:21 | 000,000,144 | ---- | C] () -- C:\ProgramData\~2YVchbMgpOhrr
[2011/01/01 19:34:08 | 000,000,344 | ---- | C] () -- C:\ProgramData\2YVchbMgpOhr
[2011/01/01 19:01:39 | 000,000,272 | ---- | C] () -- C:\ProgramData\~zkqu677tuYE3HX
[2011/01/01 19:01:39 | 000,000,144 | ---- | C] () -- C:\ProgramData\~zkqu677tuYE3HXr
[2011/01/01 19:01:28 | 000,000,392 | ---- | C] () -- C:\ProgramData\zkqu677tuYE3HX
[2011/01/01 18:41:12 | 000,000,272 | ---- | C] () -- C:\ProgramData\~psTHsUsiei1CxBu
[2011/01/01 18:41:12 | 000,000,144 | ---- | C] () -- C:\ProgramData\~psTHsUsiei1CxBur
[2011/01/01 18:41:10 | 000,000,336 | ---- | C] () -- C:\ProgramData\psTHsUsiei1CxBu
[2010/11/29 21:13:17 | 000,000,120 | ---- | C] () -- C:\Users\Janice\AppData\Local\Rzimap.dat
[2010/11/29 21:13:17 | 000,000,000 | ---- | C] () -- C:\Users\Janice\AppData\Local\Hnamif.bin
[2010/10/29 17:38:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/03 22:51:34 | 000,001,356 | ---- | C] () -- C:\Users\Janice\AppData\Local\d3d9caps.dat
[2007/12/26 16:16:45 | 067,819,722 | ---- | C] () -- C:\Users\Janice\A Charlie Brown Thanksgiving.avi
[2007/12/26 16:07:48 | 268,942,576 | ---- | C] () -- C:\Users\Janice\Cartoons - Peanuts - A Charlie Brown Christmas '65.mpg
[2007/12/25 22:50:35 | 000,000,632 | RHS- | C] () -- C:\Users\Janice\ntuser.pol
[2007/08/09 13:38:51 | 000,000,698 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\wklnhst.dat
[2007/08/02 18:30:07 | 000,061,952 | ---- | C] () -- C:\Users\Janice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/04/18 08:13:46 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\AVG7
[2012/03/18 14:54:53 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DAEMON Tools Lite
[2007/10/24 17:57:44 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DQSD
[2010/07/16 10:23:10 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\FrostWire
[2010/11/29 21:39:00 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\GetRightToGo
[2007/11/12 08:51:44 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Grisoft
[2009/11/21 08:42:57 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\LimeWire
[2011/12/26 12:03:21 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\OpenCandy
[2008/02/21 00:19:25 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Paltalk
[2007/08/02 18:38:09 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SampleView
[2007/08/09 13:39:07 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Template
[2009/11/13 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Thinstall
[2010/07/04 08:22:21 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\TomTom
[2012/03/27 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\uTorrent
[2010/06/04 04:59:54 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Vivox
[2007/08/15 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangent
[2012/07/11 19:07:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000Core.job
[2012/07/12 10:07:05 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000UA.job
[2012/07/12 09:40:11 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/12 10:08:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32192C83-9E33-48DD-BAA9-C9C1AF567DDE}.job

========== Purity Check ==========



< End of report >
grimwraith1
Active Member
 
Posts: 12
Joined: July 9th, 2012, 9:45 pm

Re: Computer Crashes Intermittently

Unread postby askey127 » July 12th, 2012, 4:24 pm

grimwraith1,
If you want to keep your PC out of trouble, there are a few practices you always need to follow:
  • Avoid P2P file sharing programs (uTorrent, Frostwire, etc.).
    These programs are insecure, and the shared files have hundreds of thousands of "planted" infections.
  • Avoid all Registry helpers/boosters/optimizers/cleaners, etc.
    They don't produce much of any significant benefit, and can corrupt or trash your machine.
  • Avoid installing toolbars if possible. They are almost always for the benefit of the purveyor, not you.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Eusing Free Registry Cleaner

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    
    :Files
    C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    C:\Users\Janice\AppData\Roaming\uTorrent
    C:\Users\Janice\AppData\Roaming\LimeWire
    C:\Users\Janice\AppData\Roaming\FrostWire
    C:\Users\Janice\Desktop\Eusing Free Registry Cleaner.lnk
    C:\Program Files\Eusing Free Registry Cleaner
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer Crashes Intermittently

Unread postby grimwraith1 » July 12th, 2012, 6:07 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\x-sdch\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1759355-3EEC-4C1E-B0F1-B719FE26E377}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll not found.
C:\Users\Janice\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Janice\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Janice\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\browser folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\Janice\AppData\Roaming\LimeWire folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\xml\schemas folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\xml\misc folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\themes\frostwire_theme folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\overlays folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\Janice\AppData\Roaming\FrostWire folder moved successfully.
File\Folder C:\Users\Janice\Desktop\Eusing Free Registry Cleaner.lnk not found.
C:\Program Files\Eusing Free Registry Cleaner\Backup folder moved successfully.
C:\Program Files\Eusing Free Registry Cleaner folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Janice
->Java cache emptied: 763906 bytes

User: Public

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Janice
->Flash cache emptied: 2835996 bytes

User: Public

Total Flash Files Cleaned = 3.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Janice
->Temp folder emptied: 227798 bytes
->Temporary Internet Files folder emptied: 53120114 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44083436 bytes
->Google Chrome cache emptied: 95165668 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 278935324 bytes
RecycleBin emptied: 57603906 bytes

Total Files Cleaned = 505.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07122012_175743

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
grimwraith1
Active Member
 
Posts: 12
Joined: July 9th, 2012, 9:45 pm

Re: Computer Crashes Intermittently

Unread postby grimwraith1 » July 12th, 2012, 6:07 pm

Double Post >.<
grimwraith1
Active Member
 
Posts: 12
Joined: July 9th, 2012, 9:45 pm

Re: Computer Crashes Intermittently

Unread postby grimwraith1 » July 12th, 2012, 6:23 pm

OTL logfile created on: 7/12/2012 6:09:25 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Janice\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 224.98 Mb Available Physical Memory | 25.17% Memory free
2.00 Gb Paging File | 1.20 Gb Available in Paging File | 60.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 75.40 Gb Free Space | 54.16% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.55 Gb Free Space | 46.33% Space Free | Partition Type: NTFS
Drive E: | 1.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JANICE-PC | User Name: Janice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 17:18:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
PRC - [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/01 08:57:06 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/26 19:24:42 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/08/29 15:16:04 | 001,662,976 | ---- | M] (D-Link) -- C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
PRC - [2007/05/11 20:49:29 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2007/04/29 22:54:44 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcgcoms.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2007/01/18 02:46:56 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/11 06:40:29 | 004,051,456 | ---- | M] () -- C:\Users\Janice\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libglesv2.dll
MOD - [2012/07/11 06:40:29 | 000,100,864 | ---- | M] () -- C:\Users\Janice\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libegl.dll
MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2007/08/20 17:41:12 | 000,233,472 | ---- | M] () -- C:\Windows\System32\WlanApp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (GoogleDesktopManager-051210-111108)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/12/01 08:57:06 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/26 19:24:42 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/08/02 12:06:10 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtilVst\jswpsapi.exe -- (jswpsapi)
SRV - [2007/05/11 20:49:29 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/04/29 22:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcgcoms.exe -- (lxcg_device)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{434C88D5-8AB8-4712-B015-23417C9DCDAA}\MpKsl98838fb5.sys -- (MpKsl98838fb5)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/01 08:56:58 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/12/01 08:56:58 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/12/09 18:14:43 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/13 16:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/26 03:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 02:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007/07/27 12:06:08 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/06/30 04:10:54 | 000,738,304 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\A3ABv.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/06/20 04:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/12/29 04:49:00 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {13031016-55FD-48D7-B7FB-42FD5E105756}
IE - HKLM\..\SearchScopes\{13031016-55FD-48D7-B7FB-42FD5E105756}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C31896FF-86BC-48C4-99F1-EC64557B8F05}
IE - HKCU\..\SearchScopes\{18C28D72-DF12-4AF1-BEF3-C1D8C50CA61B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE_en
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=xNa95aAK ... smOmKWo?q={searchTerms}
IE - HKCU\..\SearchScopes\{C31896FF-86BC-48C4-99F1-EC64557B8F05}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9MI&pc=BIE9&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49859

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E4CE94FD-F1B4-426F-B753-8B0B5969295B}:1.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wecarereminder@bryan:5.0.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49859
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Janice\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/10 21:33:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/12 09:19:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E4CE94FD-F1B4-426F-B753-8B0B5969295B}: C:\Users\Janice\AppData\Local\{E4CE94FD-F1B4-426F-B753-8B0B5969295B} [2010/11/29 21:13:16 | 000,000,000 | ---D | M]

[2010/12/12 21:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\mozilla\Extensions
[2010/07/04 08:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/06/04 04:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/02/01 23:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/03/17 08:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\mozilla\Firefox\Profiles\ynluekkg.default\extensions
[2011/01/02 19:16:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Janice\AppData\Roaming\mozilla\Firefox\Profiles\ynluekkg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/02 19:12:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Janice\AppData\Roaming\mozilla\Firefox\Profiles\ynluekkg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/12/26 12:04:10 | 000,000,000 | ---D | M] (ASPCA App By We-Care.com) -- C:\Users\Janice\AppData\Roaming\mozilla\Firefox\Profiles\ynluekkg.default\extensions\wecarereminder@bryan
[2012/07/11 22:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 16:14:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010/11/29 21:13:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JANICE\APPDATA\LOCAL\{E4CE94FD-F1B4-426F-B753-8B0B5969295B}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Janice\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.12_0\
CHR - Extension: Gmail = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Janice\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.19.102 74.128.17.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{887D6F20-DA9C-4FC8-AF45-DFE9F1322BE7}: DhcpNameServer = 74.128.19.102 74.128.17.114
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 05:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1cd8a37d-d0e4-11dc-a795-001bb95aac84}\Shell\Auto\command - "" = upsetup.exe
O33 - MountPoints2\{1cd8a37d-d0e4-11dc-a795-001bb95aac84}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL upsetup.exe
O33 - MountPoints2\{1cd8a380-d0e4-11dc-a795-001bb95aac84}\Shell - "" = AutoRun
O33 - MountPoints2\{1cd8a380-d0e4-11dc-a795-001bb95aac84}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{2391f78b-4151-11dc-b341-001bb95aac84}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{2c6929e4-ce9e-11df-94e5-001bb95aac84}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{2c6929e4-ce9e-11df-94e5-001bb95aac84}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{2c6929e4-ce9e-11df-94e5-001bb95aac84}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{2c6929e4-ce9e-11df-94e5-001bb95aac84}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{2c6929e4-ce9e-11df-94e5-001bb95aac84}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{7125c8be-7108-11e1-af79-001bb95aac84}\Shell - "" = AutoRun
O33 - MountPoints2\{7125c8be-7108-11e1-af79-001bb95aac84}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{7125c8be-7108-11e1-af79-001bb95aac84}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{7125c8be-7108-11e1-af79-001bb95aac84}\Shell\install\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{bb605673-83a0-11de-be40-001bb95aac84}\Shell - "" = AutoRun
O33 - MountPoints2\{bb605673-83a0-11de-be40-001bb95aac84}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{e8b72893-c98b-11de-8644-001bb95aac84}\Shell\Auto\command - "" = J:\upsetup.exe
O33 - MountPoints2\{e8b72893-c98b-11de-8644-001bb95aac84}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\upsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 17:57:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/12 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/07/12 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/12 09:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/10 17:18:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/07/01 19:14:03 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Local\Facebook

========== Files - Modified Within 30 Days ==========

[2012/07/12 18:20:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/12 18:18:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32192C83-9E33-48DD-BAA9-C9C1AF567DDE}.job
[2012/07/12 18:07:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 18:07:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 18:05:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/12 18:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/12 18:03:58 | 150,711,233 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/12 16:07:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000UA.job
[2012/07/12 09:19:28 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/11 19:07:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000Core.job
[2012/07/11 16:26:10 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/11 03:49:13 | 000,331,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/10 17:18:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/07/04 10:21:30 | 000,060,495 | ---- | M] () -- C:\Users\Janice\Documents\Federal and Kentucky Court Systems Handout.pdf
[2012/06/22 20:15:43 | 000,057,793 | ---- | M] () -- C:\Users\Janice\Desktop\patti.jpg
[2012/06/22 17:13:09 | 000,060,942 | ---- | M] () -- C:\Users\Janice\Desktop\nolandad.jpg
[2012/06/21 20:26:26 | 000,027,434 | ---- | M] () -- C:\Users\Janice\Desktop\nolan.jpg
[2012/06/14 07:07:43 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 07:07:43 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/07/12 09:19:28 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/12 09:19:27 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/11 19:02:14 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000UA.job
[2012/07/04 10:21:45 | 000,060,495 | ---- | C] () -- C:\Users\Janice\Documents\Federal and Kentucky Court Systems Handout.pdf
[2012/07/01 19:14:06 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000Core.job
[2012/06/22 20:15:58 | 000,057,793 | ---- | C] () -- C:\Users\Janice\Desktop\patti.jpg
[2012/06/22 17:13:26 | 000,060,942 | ---- | C] () -- C:\Users\Janice\Desktop\nolandad.jpg
[2012/06/21 20:26:35 | 000,027,434 | ---- | C] () -- C:\Users\Janice\Desktop\nolan.jpg
[2011/12/08 13:44:09 | 000,158,533 | ---- | C] () -- C:\Windows\hphins33.dat.temp
[2011/06/15 21:02:29 | 000,136,536 | ---- | C] () -- C:\Windows\hphins33.dat
[2011/06/14 07:36:51 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat.temp
[2011/03/09 04:07:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/01/01 21:52:10 | 000,000,272 | ---- | C] () -- C:\ProgramData\~g7FqknQ1CJ3HuMp
[2011/01/01 21:52:10 | 000,000,152 | ---- | C] () -- C:\ProgramData\~g7FqknQ1CJ3HuMpr
[2011/01/01 21:52:02 | 000,000,336 | ---- | C] () -- C:\ProgramData\g7FqknQ1CJ3HuMp
[2011/01/01 21:07:17 | 000,000,144 | ---- | C] () -- C:\ProgramData\~iyWJH0JDr
[2011/01/01 21:07:16 | 000,000,272 | ---- | C] () -- C:\ProgramData\~iyWJH0JD
[2011/01/01 21:07:10 | 000,000,336 | ---- | C] () -- C:\ProgramData\iyWJH0JD
[2011/01/01 19:34:21 | 000,000,272 | ---- | C] () -- C:\ProgramData\~2YVchbMgpOhr
[2011/01/01 19:34:21 | 000,000,144 | ---- | C] () -- C:\ProgramData\~2YVchbMgpOhrr
[2011/01/01 19:34:08 | 000,000,344 | ---- | C] () -- C:\ProgramData\2YVchbMgpOhr
[2011/01/01 19:01:39 | 000,000,272 | ---- | C] () -- C:\ProgramData\~zkqu677tuYE3HX
[2011/01/01 19:01:39 | 000,000,144 | ---- | C] () -- C:\ProgramData\~zkqu677tuYE3HXr
[2011/01/01 19:01:28 | 000,000,392 | ---- | C] () -- C:\ProgramData\zkqu677tuYE3HX
[2011/01/01 18:41:12 | 000,000,272 | ---- | C] () -- C:\ProgramData\~psTHsUsiei1CxBu
[2011/01/01 18:41:12 | 000,000,144 | ---- | C] () -- C:\ProgramData\~psTHsUsiei1CxBur
[2011/01/01 18:41:10 | 000,000,336 | ---- | C] () -- C:\ProgramData\psTHsUsiei1CxBu
[2010/11/29 21:13:17 | 000,000,120 | ---- | C] () -- C:\Users\Janice\AppData\Local\Rzimap.dat
[2010/11/29 21:13:17 | 000,000,000 | ---- | C] () -- C:\Users\Janice\AppData\Local\Hnamif.bin
[2010/10/29 17:38:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/03 22:51:34 | 000,001,356 | ---- | C] () -- C:\Users\Janice\AppData\Local\d3d9caps.dat
[2007/12/26 16:16:45 | 067,819,722 | ---- | C] () -- C:\Users\Janice\A Charlie Brown Thanksgiving.avi
[2007/12/26 16:07:48 | 268,942,576 | ---- | C] () -- C:\Users\Janice\Cartoons - Peanuts - A Charlie Brown Christmas '65.mpg
[2007/12/25 22:50:35 | 000,000,632 | RHS- | C] () -- C:\Users\Janice\ntuser.pol
[2007/08/09 13:38:51 | 000,000,698 | ---- | C] () -- C:\Users\Janice\AppData\Roaming\wklnhst.dat
[2007/08/02 18:30:07 | 000,061,952 | ---- | C] () -- C:\Users\Janice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/04/18 08:13:46 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\AVG7
[2012/03/18 14:54:53 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DAEMON Tools Lite
[2007/10/24 17:57:44 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\DQSD
[2010/11/29 21:39:00 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\GetRightToGo
[2007/11/12 08:51:44 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Grisoft
[2011/12/26 12:03:21 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\OpenCandy
[2008/02/21 00:19:25 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Paltalk
[2007/08/02 18:38:09 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SampleView
[2007/08/09 13:39:07 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Template
[2009/11/13 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Thinstall
[2010/07/04 08:22:21 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\TomTom
[2010/06/04 04:59:54 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Vivox
[2007/08/15 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\WildTangent
[2012/07/11 19:07:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000Core.job
[2012/07/12 16:07:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995996556-1816073739-136882781-1000UA.job
[2012/07/12 09:40:11 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/12 18:18:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32192C83-9E33-48DD-BAA9-C9C1AF567DDE}.job

========== Purity Check ==========



< End of report >
grimwraith1
Active Member
 
Posts: 12
Joined: July 9th, 2012, 9:45 pm

Re: Computer Crashes Intermittently

Unread postby askey127 » July 13th, 2012, 7:40 am

grimwraith1,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    FF - prefs.js..extensions.enabledItems: wecarereminder@bryan:5.0.8.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    CHR - Extension: We-Care Reminder Lite = C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.12_0\
    [2009/04/18 08:13:46 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\AVG7
    [2007/11/12 08:51:44 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Grisoft
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
----------------------------------------------
At this point you should Defragment your C: Drive
Start > Programs > Accessories > System Tools > Disk Defragmenter
Don't bother with Analyze first, just highlight C: Drive and Defragment

If you prefer, you can use MyDefrag from here: http://www.mydefrag.com/Manual-DownloadAndInstall.html
Install it and run it.
It is somewhat more thorough than the Windows built-in defragmenter.
----------------------------------------------
You can setup to test RAM yourself, although you have to burn a CD to do it.
Good and complete instructions for the Windows Memory Diagnostic Tool are here:

http://forums.whatthetech.com/index.php ... pic=103823
----------------------------------------------

When you can, pull off the cover from the e-machine box, and make sure the plug-in cards on the motherboard are all seated firmly in their sockets.
You can temporarily start up the machine with the cover off as well, to make sure the fans are running, and none of the air vents are clogged with dust.

Are you seeing any more Blue Screens?

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer Crashes Intermittently

Unread postby Gary R » July 13th, 2012, 7:44 am

This topic has been moved to the Malware Removal room.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Computer Crashes Intermittently

Unread postby grimwraith1 » July 13th, 2012, 6:14 pm

All processes killed
========== OTL ==========
Prefs.js: wecarereminder@bryan:5.0.8.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.12_0\images folder moved successfully.
C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.12_0 folder moved successfully.
C:\Users\Janice\AppData\Roaming\AVG7 folder moved successfully.
C:\Users\Janice\AppData\Roaming\Grisoft\AVG Antispyware 7.5\Reports folder moved successfully.
C:\Users\Janice\AppData\Roaming\Grisoft\AVG Antispyware 7.5\quarantine folder moved successfully.
C:\Users\Janice\AppData\Roaming\Grisoft\AVG Antispyware 7.5 folder moved successfully.
C:\Users\Janice\AppData\Roaming\Grisoft folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Janice\Desktop\cmd.bat deleted successfully.
C:\Users\Janice\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Janice
->Temp folder emptied: 75471 bytes
->Temporary Internet Files folder emptied: 1395033 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 86067853 bytes
->Flash cache emptied: 2898 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20448 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 84.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07132012_180701

Files\Folders moved on Reboot...
C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

PendingFileRenameOperations files...
File C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

Registry entries deleted on Reboot...
grimwraith1
Active Member
 
Posts: 12
Joined: July 9th, 2012, 9:45 pm

Re: Computer Crashes Intermittently

Unread postby grimwraith1 » July 13th, 2012, 10:33 pm

So far today, after all of this was done, it has not crashed. :) should clean the dust out as well... Couldn't check the RAM, don't have anything to download the program on to. Used the outside program to consolidate and defragment the hard drive.
grimwraith1
Active Member
 
Posts: 12
Joined: July 9th, 2012, 9:45 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 293 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware