
Help!

Discussion in 'Virus & Other Malware Removal' started by kylejatl, Mar 30, 2010.

  1. kylejatl

    kylejatl Thread Starter

    Joined:
    May 15, 2004
    Messages:
    57
    I'm getting virus attacks on my computer; I don't know what service I was using but I just bought McAfee AntiVirus Internet Security, but when I try to run it I get a pop-up alert saying my application cannot be executed, it says something is infected. I've tried to run and install HJT to post a log file but it won't let me install it. Is there anything someone can help me with to get started and get around this issue? Thanks so much!
     
  2. kylejatl

    kylejatl Thread Starter

    Joined:
    May 15, 2004
    Messages:
    57
    I was able to finally download HJT ... here's my file. I appreciate your help!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:42:48 PM, on 3/30/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files\Lexmark 2600 Series\ezprint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Squeezebox\SqueezeTray.exe
    C:\Program Files\PictureMover\Bin\PictureMover.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\regedit.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Squeezebox Server Tray Tool.lnk = C:\Program Files\Squeezebox\SqueezeTray.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader5.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {FB1C9BD4-54A9-4996-9FAA-579DCC4204DF} (ParentWatchLive_3_01 Class) - https://www.parentwatch.com/centers/video/push-3-01-00.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
    O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10384 bytes
     
  3. piano9playa5

    piano9playa5

    Joined:
    Jul 13, 2008
    Messages:
    132
    Hello, and welcome to TSG! Let's see if we can get those programs running again.


    Step № One
    Please download exeHelper to your Desktop.
    • Double-click on exeHelper to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of exehelperlog (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)


    Step № Two
    Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Then click the Quick Scan button at the top. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

    Logs & Info
    Remember to post back the following logs:
    1. exehelperlog.txt
    2. OTL.txt
    3. Extras.txt
     
  4. kylejatl

    kylejatl Thread Starter

    Joined:
    May 15, 2004
    Messages:
    57
    OTL.txt:

    OTL logfile created on: 3/30/2010 8:36:03 PM - Run 1
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\K2\Downloads
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.58 Gb Total Space | 73.71 Gb Free Space | 33.42% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 5.36 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
    Drive E: | 123.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: K2-PC
    Current User Name: K2
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/30 20:33:02 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\K2\Downloads\OTL.exe
    PRC - [2009/11/21 18:20:52 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2009/10/20 09:13:52 | 002,351,191 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\Squeezebox\SqueezeTray.exe
    PRC - [2009/10/20 09:13:32 | 004,149,248 | ---- | M] () -- C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
    PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
    PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
    PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/08/13 09:11:00 | 000,413,696 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\PictureMover\Bin\PictureMover.exe
    PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/05/04 04:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/05/04 04:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/05/04 04:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/05/04 04:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/03/27 10:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
    PRC - [2008/03/27 10:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    PRC - [2008/03/04 00:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
    PRC - [2008/02/27 18:07:14 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdnserv.exe
    PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/12/21 10:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/30 20:33:02 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\K2\Downloads\OTL.exe
    MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll
    MOD - [2008/01/20 21:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/11/21 18:20:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2009/10/20 09:13:32 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
    SRV - [2008/08/28 00:01:53 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
    SRV - [2008/02/27 18:07:14 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080828
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/01 00:31:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/01 00:31:05 | 000,000,000 | ---D | M]

    [2009/06/25 22:43:21 | 000,000,000 | ---D | M] -- C:\Users\K2\AppData\Roaming\Mozilla\Extensions
    [2010/03/30 19:07:35 | 000,000,000 | ---D | M] -- C:\Users\K2\AppData\Roaming\Mozilla\Firefox\Profiles\cg7n13dy.default\extensions
    [2009/09/07 04:39:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\K2\AppData\Roaming\Mozilla\Firefox\Profiles\cg7n13dy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/06/25 22:47:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\K2\AppData\Roaming\Mozilla\Firefox\Profiles\cg7n13dy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/06/25 22:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - Startup: C:\Users\K2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\K2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab (Image Uploader Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {FB1C9BD4-54A9-4996-9FAA-579DCC4204DF} https://www.parentwatch.com/centers/video/push-3-01-00.cab (ParentWatchLive_3_01 Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\K2\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\K2\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/07/15 14:40:07 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{e475f63c-748f-11dd-acf3-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{e475f63c-748f-11dd-acf3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\langsel.exe -- [2009/05/27 15:52:12 | 000,522,768 | R--- | M] (McAfee, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/30 19:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/03/27 23:12:12 | 000,000,000 | ---D | C] -- C:\Users\K2\AppData\Local\odlabb
    [2009/06/03 10:56:45 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDNhcp.dll
    [2009/06/03 10:56:45 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdninpa.dll
    [2009/06/03 10:56:44 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdnserv.dll
    [2009/06/03 10:56:44 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdnusb1.dll
    [2009/06/03 10:56:44 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnpmui.dll
    [2009/06/03 10:56:44 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdniesc.dll
    [2009/06/03 10:56:44 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdnprox.dll
    [2009/06/03 10:56:43 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdnhbn3.dll
    [2009/06/03 10:56:43 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdnlmpm.dll
    [2009/06/03 10:56:42 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdncomc.dll
    [2009/06/03 10:56:42 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdncomm.dll
    [2 C:\Users\K2\Desktop\*.tmp files -> C:\Users\K2\Desktop\*.tmp -> ]
    [1 C:\Users\K2\Documents\*.tmp files -> C:\Users\K2\Documents\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/03/30 20:37:53 | 002,359,296 | -HS- | M] () -- C:\Users\K2\NTUSER.DAT
    [2010/03/30 20:35:03 | 000,001,732 | -H-- | M] () -- C:\Users\K2\Documents\Default.rdp
    [2010/03/30 19:42:34 | 000,001,876 | ---- | M] () -- C:\Users\K2\Desktop\HijackThis.lnk
    [2010/03/30 18:54:46 | 000,820,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/03/30 18:54:46 | 000,179,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/03/30 18:54:46 | 000,004,880 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/03/30 18:48:44 | 000,000,680 | ---- | M] () -- C:\Users\K2\AppData\Local\d3d9caps.dat
    [2010/03/30 18:47:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/03/30 18:47:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/03/30 18:47:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/03/30 18:47:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/03/30 18:47:14 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/23 23:28:46 | 000,054,784 | ---- | M] () -- C:\Users\K2\Desktop\WDRA Final Rosters - 2009.xls
    [2010/03/23 23:08:54 | 000,011,692 | ---- | M] () -- C:\Users\K2\Desktop\Stuff for Kori.docx
    [2010/03/21 02:09:27 | 000,524,288 | -HS- | M] () -- C:\Users\K2\NTUSER.DAT{f77107b7-ae0e-11de-94c4-00219be71191}.TMContainer00000000000000000001.regtrans-ms
    [2010/03/21 02:09:27 | 000,065,536 | -HS- | M] () -- C:\Users\K2\NTUSER.DAT{f77107b7-ae0e-11de-94c4-00219be71191}.TM.blf
    [2 C:\Users\K2\Desktop\*.tmp files -> C:\Users\K2\Desktop\*.tmp -> ]
    [1 C:\Users\K2\Documents\*.tmp files -> C:\Users\K2\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/03/30 19:42:34 | 000,001,876 | ---- | C] () -- C:\Users\K2\Desktop\HijackThis.lnk
    [2010/03/23 23:28:43 | 000,054,784 | ---- | C] () -- C:\Users\K2\Desktop\WDRA Final Rosters - 2009.xls
    [2010/03/23 20:32:41 | 000,011,692 | ---- | C] () -- C:\Users\K2\Desktop\Stuff for Kori.docx
    [2009/06/03 10:58:36 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdncoin.dll
    [2009/06/03 10:57:12 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
    [2009/06/03 10:56:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdnrwrd.ini
    [2009/06/03 10:56:45 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDNinst.dll
    [2009/06/03 10:56:43 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdngrd.dll
    [2009/03/02 20:31:10 | 000,000,680 | ---- | C] () -- C:\Users\K2\AppData\Local\d3d9caps.dat
    [2009/02/22 16:56:20 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/01/17 20:37:06 | 000,026,624 | ---- | C] () -- C:\Users\K2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/08/28 02:27:33 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/08/28 02:27:33 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/08/28 02:27:33 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/08/28 02:27:33 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2008/08/28 02:27:33 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2008/08/28 02:27:29 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/08/27 23:51:49 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/07/26 14:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2007/11/28 12:51:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdnvs.dll
    [2007/11/20 19:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdndrs.dll
    [2007/11/20 18:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdncaps.dll
    [2007/10/02 17:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdncnv4.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2009/04/27 15:41:20 | 000,000,000 | ---D | M] -- C:\Users\K2\AppData\Roaming\CopyTrans
    [2009/04/27 15:39:56 | 000,000,000 | ---D | M] -- C:\Users\K2\AppData\Roaming\CopyTransControlCenter
    [2009/04/27 16:02:04 | 000,000,000 | ---D | M] -- C:\Users\K2\AppData\Roaming\CopyTransPhoto
    [2009/03/08 18:25:55 | 000,000,000 | ---D | M] -- C:\Users\K2\AppData\Roaming\Leadertech
    [2009/05/29 20:59:15 | 000,000,000 | ---D | M] -- C:\Users\K2\AppData\Roaming\PictureMover
    [2009/04/25 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\K2\AppData\Roaming\SharePod
    [2009/04/06 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\K2\AppData\Roaming\TaxCut
    [2009/03/08 17:56:46 | 000,000,000 | ---D | M] -- C:\Users\K2\AppData\Roaming\tmp
    [2010/03/11 04:19:23 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  5. kylejatl

    kylejatl Thread Starter

    Joined:
    May 15, 2004
    Messages:
    57
    Extra.txt:

    OTL Extras logfile created on: 3/30/2010 8:36:03 PM - Run 1
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\K2\Downloads
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.58 Gb Total Space | 73.71 Gb Free Space | 33.42% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 5.36 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
    Drive E: | 123.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: K2-PC
    Current User Name: K2
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
    "9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
    "9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
    "9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
    "9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
    "9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
    "9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
    "9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
    "9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
    "9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
    "9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
    "9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
    "8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
    "10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
    "9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
    "3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
    "3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
    "9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
    "9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
    "9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
    "9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
    "9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
    "9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
    "9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
    "9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
    "9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
    "9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
    "9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
    "8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
    "10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
    "9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
    "3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
    "3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{33BD21D6-C28D-4AFA-A9BD-9836C98C4AF7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{409C3CA0-6309-4473-A3EB-8A9B2A999802}" = rport=139 | protocol=6 | dir=out | app=system |
    "{448D0B3B-D351-4BAB-9DC6-1F985FDDB3F7}" = lport=445 | protocol=6 | dir=in | app=system |
    "{60F6C83B-9E69-487F-9EA4-E186A613EE88}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{73C5EA38-A232-4570-8DDB-C6D70BE94640}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{7B2C18A0-88BA-436F-9563-45526BD1CA31}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A0699397-AF13-4947-80B5-0CE2B4EA313A}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A5D61240-229F-4B4E-AC9C-5B5680A4244D}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A6DE06B7-0C9C-4C44-9FF7-E59E7B06852E}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A93AB768-9285-4C73-BFD5-29AD94AE62BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AB6BCCDA-340D-4DCE-AD61-8A43711D451D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B04ABC41-47AF-41C4-9FB7-41BAD99BE341}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{B72FF5F1-EF61-4F23-97D9-8D3646DE474C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{BD80CB5C-D4B9-45BA-BD13-E26DF4C6E1E5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{E03D1F9A-F6D8-4F45-8D1A-C12BC239D465}" = lport=139 | protocol=6 | dir=in | app=system |
    "{EC4C0FAE-1A7F-4874-85F5-7AC8B5CDB6EE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{EE4CA82B-CB3F-4A34-8167-CDF071A5B1F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F6BA3738-45DF-4456-B08C-5FCC85445A03}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F9A5BF92-4A4A-415D-8FF3-28385A729B10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01C95F6D-0533-45AF-B448-164B8DC2AF32}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{02B00CF7-F2C5-4D92-A001-7ABF9D023FE3}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{0A775A9F-3EFC-40B8-B5C0-04A44F7351ED}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
    "{0F8E1931-EECE-473C-B92E-8904B82A4338}" = protocol=1 | dir=in | [email protected],-28543 |
    "{202E6786-7597-4BA6-BC58-DABE757826BC}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
    "{28A4CB82-4D4B-4858-B56A-A8206595AEC3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{29793D22-71DF-4C3F-9EC7-F35C8568F67E}" = protocol=58 | dir=out | [email protected],-28546 |
    "{313ADD9B-D06B-40A1-933F-C011443F9993}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4B0A1594-60D3-4703-BE45-701E9CFDB8CA}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe |
    "{54272D3D-FAF6-41E0-9617-8FE10BD41977}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{5477B784-C183-4268-9F43-0156F1F93B37}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
    "{5AE6722C-16CA-4A4B-A6CB-501ED9C78B8D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe |
    "{5BAF2052-F7AC-411F-BE8F-FD3A597199EE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{613C7556-A35E-4393-9DA8-0705925AB1DD}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
    "{67B1250D-A0FC-4784-9041-3B4EA759E419}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{71F838BF-0410-41F7-9D59-DE90F0EDA8AA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
    "{81BDE524-D452-4321-BDC9-1D68ACB1ED4D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8456FA67-F0E2-413C-901F-7B12F4937DD4}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{9308F8F0-5A57-4BB5-9B05-8522100D4CBA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9E11F1F2-ED88-4987-9146-205B80C2E9E5}" = protocol=58 | dir=in | [email protected],-28545 |
    "{A38C6CA4-EB46-4375-A65C-C897BE94ADD0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{A3F77563-798B-454D-8CF4-3B795B1A08AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A8C60DB0-F9D4-4758-BD33-331DAE4FB34A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe |
    "{ADD53535-4A5A-452E-939A-37023561C2F4}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
    "{B0406A7F-3A1A-4FFE-99BC-7B8AE62E89FE}" = protocol=1 | dir=out | [email protected],-28544 |
    "{CDE27DD7-DDDE-4E6F-8898-3FA92F6DAAE5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
    "{D98F9B89-E485-423F-A28B-5A6C1DD309C9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe |
    "{DBB29245-7175-4953-BA5C-436CF62E864C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{E10FA83B-1551-459D-B75E-56CEB5A0F179}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "TCP Query User{1EDF7C47-5781-43B2-917E-965A15AE6AEE}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
    "TCP Query User{764D11C9-9507-4A9E-B801-FEE8888FCCBD}C:\program files\smartparts\smartparts desktop\optipix.exe" = protocol=6 | dir=in | app=c:\program files\smartparts\smartparts desktop\optipix.exe |
    "UDP Query User{18C98817-54C2-4320-A407-B038FD738E9D}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
    "UDP Query User{4E5ACFC3-A320-43E4-A5BB-0CD9C6D0BD2C}C:\program files\smartparts\smartparts desktop\optipix.exe" = protocol=17 | dir=in | app=c:\program files\smartparts\smartparts desktop\optipix.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{98BAC573-DBE2-49de-9A23-597CFD95E474}" = PictureMover
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{AFB1DFA5-FB56-4C9F-97A0-1607BC14BC0C}" = Smartparts Desktop
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
    "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6A64398-84A0-4499-B44B-2DBD3D1E9E7E}" = TaxCut Georgia 2008
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "GenoPro" = GenoPro 2.0.1.6
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist 8.0.0.514
    "HijackThis" = HijackThis 2.0.2
    "Lexmark 2600 Series" = Lexmark 2600 Series
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
    "Picasa 3" = Picasa 3
    "Squeezebox Server_is1" = Squeezebox Server 7.4.1

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/24/2010 10:06:12 PM | Computer Name = K2-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 3/24/2010 10:06:12 PM | Computer Name = K2-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 3/24/2010 10:56:57 PM | Computer Name = K2-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 3/24/2010 10:56:57 PM | Computer Name = K2-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 3/24/2010 11:24:01 PM | Computer Name = K2-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/24/2010 11:30:02 PM | Computer Name = K2-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 3/24/2010 11:30:02 PM | Computer Name = K2-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 3/25/2010 12:01:42 AM | Computer Name = K2-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/25/2010 12:07:10 AM | Computer Name = K2-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 3/25/2010 12:07:10 AM | Computer Name = K2-PC | Source = LoadPerf | ID = 3011
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 3/21/2010 2:01:02 PM | Computer Name = K2-PC | Source = WLAN-Tray | ID = 0
    Description = 13:01:02, Sun, Mar 21, 10 Error - Unable to gain access to user store


    Error - 3/21/2010 10:18:38 PM | Computer Name = K2-PC | Source = WLAN-Tray | ID = 0
    Description = 21:18:37, Sun, Mar 21, 10 Error - Unable to gain access to user store


    Error - 3/21/2010 11:10:11 PM | Computer Name = K2-PC | Source = WLAN-Tray | ID = 0
    Description = 22:10:10, Sun, Mar 21, 10 Error - Unable to gain access to user store


    Error - 3/22/2010 6:42:02 PM | Computer Name = K2-PC | Source = WLAN-Tray | ID = 0
    Description = 17:42:01, Mon, Mar 22, 10 Error - Unable to gain access to user store


    Error - 3/22/2010 8:44:44 PM | Computer Name = K2-PC | Source = WLAN-Tray | ID = 0
    Description = 19:44:44, Mon, Mar 22, 10 Error - Unable to gain access to user store


    Error - 3/24/2010 2:51:52 PM | Computer Name = K2-PC | Source = WLAN-Tray | ID = 0
    Description = 13:51:51, Wed, Mar 24, 10 Error - Unable to gain access to user store


    Error - 3/24/2010 3:53:10 PM | Computer Name = K2-PC | Source = WLAN-Tray | ID = 0
    Description = 14:53:10, Wed, Mar 24, 10 Error - Unable to gain access to user store


    Error - 3/24/2010 8:59:06 PM | Computer Name = K2-PC | Source = WLAN-Tray | ID = 0
    Description = 19:59:06, Wed, Mar 24, 10 Error - Unable to gain access to user store


    Error - 3/24/2010 10:00:24 PM | Computer Name = K2-PC | Source = WLAN-Tray | ID = 0
    Description = 21:00:24, Wed, Mar 24, 10 Error - Unable to gain access to user store


    Error - 3/24/2010 11:24:15 PM | Computer Name = K2-PC | Source = WLAN-Tray | ID = 0
    Description = 22:24:14, Wed, Mar 24, 10 Error - Unable to gain access to user store


    [ Media Center Events ]
    Error - 2/13/2009 9:27:39 PM | Computer Name = K2-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 4/17/2009 3:30:25 PM | Computer Name = K2-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/18/2009 11:50:14 PM | Computer Name = K2-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/23/2009 4:14:51 PM | Computer Name = K2-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 6/4/2009 12:20:39 AM | Computer Name = K2-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 6/9/2009 9:59:24 PM | Computer Name = K2-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/25/2009 1:52:09 PM | Computer Name = K2-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 8/22/2009 10:10:50 AM | Computer Name = K2-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    [ System Events ]
    Error - 1/11/2009 11:02:43 AM | Computer Name = K2-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/11/2009 11:02:43 AM | Computer Name = K2-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/11/2009 11:02:43 AM | Computer Name = K2-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/12/2009 5:00:14 AM | Computer Name = K2-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/12/2009 5:00:14 AM | Computer Name = K2-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/12/2009 5:00:14 AM | Computer Name = K2-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/12/2009 5:00:15 AM | Computer Name = K2-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/12/2009 5:00:16 AM | Computer Name = K2-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/12/2009 5:00:17 AM | Computer Name = K2-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/12/2009 5:00:18 AM | Computer Name = K2-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  6. kylejatl

    kylejatl Thread Starter

    Joined:
    May 15, 2004
    Messages:
    57
    Here's the exehelperlog - thank you so much ... computer is already running better - you guys are lifesavers!

    exeHelper by Raktor
    Build 20100329
    Run at 20:03:27 on 03/30/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
     
  7. piano9playa5

    piano9playa5

    Joined:
    Jul 13, 2008
    Messages:
    132
    Hello.
    Are you experiencing any problems? Slowness, pop-ups, etc.



    Step № One

    Run OTL (Double click to run)

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5555
      [2010/03/27 23:12:12 | 000,000,000 | ---D | C] --  C:\Users\K2\AppData\Local\odlabb
      [2009/02/22 16:56:20 | 000,000,048 | -H-- | C] () --  C:\ProgramData\ezsidmv.dat
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, and accept to reboot when it's finished.
    • During start-up, a log will open. Paste the contents of it back here
    • Open OTL again.
      • Click the Quick Scan button.
      • Post the log it produces in your next reply.



    Step № Two
    Please download Malwarebytes' Anti-Malware from Here or Here

    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




    Logs & Info
    Remember to post back the following logs:
    1. MalwareBytes' Anti-Malware Log
    2. OTL.txt
    3. OTL Fix Results
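
The fix script in the post above removes three Internet Settings values, including a `ProxyServer` that points Internet Explorer at a port on the local machine. As an added example (not part of the original post, and not code from OTL), this Python sketch parses lines in that OTL log format and reports an enabled proxy whose host is a loopback address; the function names and the sample text are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, using the OTL line format quoted in the post above.
SAMPLE_OTL_LINES = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5555
'''

LINE_RE = re.compile(
    r'^\s*IE - HK\w+\\.*\\Internet Settings:\s+"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$'
)

def parse_ie_settings(text):
    """Return {value_name: value} for the Internet Settings lines in an OTL log."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group("name")] = m.group("value")
    return settings

def proxy_endpoints(proxy_server):
    """Split a ProxyServer value into (scheme, host, port) tuples.
    Accepts 'host:port' and per-protocol 'http=host:port;https=host:port'."""
    endpoints = []
    for part in filter(None, (p.strip() for p in proxy_server.split(";"))):
        scheme, _, addr = part.rpartition("=")
        addr = addr.split("://")[-1]
        host, _, port = addr.rpartition(":")
        if not host:                      # no port given
            host, port = addr, ""
        endpoints.append((scheme or "all", host.strip("[]"), port))
    return endpoints

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                    # a hostname, not an IP literal
        return False

def find_loopback_proxy(text):
    """Return loopback proxy endpoints, but only when ProxyEnable is 1."""
    settings = parse_ie_settings(text)
    if settings.get("ProxyEnable") != "1":
        return []
    return [ep for ep in proxy_endpoints(settings.get("ProxyServer", ""))
            if is_loopback(ep[1])]

if __name__ == "__main__":
    print(find_loopback_proxy(SAMPLE_OTL_LINES))
```

A hit is a prompt to identify which local process is listening on that port, since some legitimate filtering software also uses a local proxy.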
     