Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: PC Shield Virus

  1. #1
    Junior Member
    Join Date
    Sep 2010
    Posts
    11

    Exclamation PC Shield Virus

    My computer has contracted the pc shield virus. I currently can't use the internet as it won't allow me to bring up the spybot web site. It does automatically bring up the www.viagra.com site Anyway, I can't download the ERUNT program to back up the registry. I also can't download the DDS. I've unsure what to do so I'm asking for help. Not sure what the next move is.

    Need Help!!
    Last edited by tashi; 2010-09-01 at 22:28. Reason: Disabled link

  2. #2
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Steveo4571, welcome to the forum.

    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
    • Do not attach any logs/reports, etc.. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, Please ask before continuing.
    • Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.


    Since you are able to post, I'm guessing you have access to another computer.

    Do you have a usb storage device such as a flashdrive we can use to transfer some tools to the infected computer?

    A blank CD will also work.

    If using a USB device please follow these instructions to protect it from infection. No need to do this if you are using a CD.

    On the Clean computer

    Download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • attach the USB storage device to the computer.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


    Now for the tools.

    Go HERE to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

    Next

    Download OTL to your desktop.

    Next

    Open a new Notepad session
    • Click the Start button, click run
    • in the run box type notepad
    • click ok
    • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
    • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE


    Code:
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    In the notepad
    • Click File, Save as..., and set the Save in to your Desktop
    • In the filename box, type (including quotation marks) as the filename: "custom.txt"
    • Click save


    Transfer the 3 files to the USB storage device or CD.


    On the infected computer

    • Attach the USB storage device or insert the CD.
    • Tranfer the files you saved directly to the infected computer's Desktop



    Running GMER

    Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    • Double click on the file you downloaded. If asked to allow gmer.sys driver to load, please consent .
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


      Click the image to enlarge it
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your next reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


    If GMER will not run in normal windows, please run it in Saffe Mode


    Next, running OTL
    • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/Fixes copy and paste the text from the custom.txt you saved earlier.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Transfer the GMER.txt, OTL,txt and Extra.txt to the usb device or CD. Please post them in your next reply .

    Thanks

  3. #3
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi,

    Do you still need help with this?

    Thanks

  4. #4
    Junior Member
    Join Date
    Sep 2010
    Posts
    11

    Default Sorry was out of town

    I was out of town for three days and just saw your post. Sorry for the delay but I should be able to follow the instructions from your initial thread today. Thanks for getting back to me.

  5. #5
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi,

    Member of UNITE and ASAP

  6. #6
    Junior Member
    Join Date
    Sep 2010
    Posts
    11

    Default Having Trouble with GMER

    OK, I copied the files from the earlier post to a CD and put them on the desktop of the infected computer. When I clicked on GMER the options on the right hand side of the page were gray'ed out and not selected? I tried it in both regular mode and safe mode with no luck.

  7. #7
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Steveo4571,

    You may have gotten a corrupt download. Did you antivirus progam give a warning when you downloaded GMER? It may also been corrupted when you transfered it to the CD.

    If you still have GMER on the clean computer you downloaded it to, you may want to try running it on that computer. Don't do the scan just open the program and see if it will do the first brief little scan or if the boxes are grayed out. If they are you will need to get a new copy.

    While you are trying that please run the OTL scan. We may be able to see enough to get the infected computer back online. It's much easier to deal directly with the infected computer.

    Thanks
    Member of UNITE and ASAP

  8. #8
    Junior Member
    Join Date
    Sep 2010
    Posts
    11

    Default Otl

    I checked the GMER on the disk and the computer I downloaded it to and it looked fine. When I tried it again on my infected machine it still grayed out the options at the right hand side of the page. Bummer.

    I was able to run the OTL program and here is the output from the scans.

    OTL
    OTL logfile created on: 9/8/2010 3:50:40 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450.71 Gb Total Space | 258.08 Gb Free Space | 57.26% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 4.60 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
    Drive E: | 0.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MELDRUM-STUDIO
    Current User Name: Steve
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe (Solid Oak Software)
    PRC - C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe (Solid Oak Software)
    PRC - C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe (Solid Oak Software)
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
    PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
    PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
    PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
    PRC - c:\Program Files (x86)\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
    PRC - c:\Program Files (x86)\McAfee\MSC\mcupdui.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
    PRC - C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe (Dell Inc.)
    PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\SysWOW64\wpdshext.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\SysWOW64\msi.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation)
    MOD - C:\WINDOWS\SysWOW64\sfc_os.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\SysWOW64\sfc.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\SysWOW64\msiltcfg.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
    SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()
    SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
    SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (SOSNFLSV) -- C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe (Solid Oak Software)
    SRV - (sosnfusv) -- C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe (Solid Oak Software)
    SRV - (SOSNFFSV) -- C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe (Solid Oak Software)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_64) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )
    SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
    SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
    SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
    SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
    DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
    DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
    DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
    DRV:64bit: - (sosnf64) -- C:\Windows\SysNative\drivers\sosnf64.sys (NetFilterSDK.com)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
    DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
    DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
    DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
    DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
    DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
    DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.)
    DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
    DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
    DRV - (Packet) -- C:\WINDOWS\SysWOW64\drivers\packet.sys (SingleClick Systems)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/arizona/home.cox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] File not found
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/04/30 14:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{1a83b1fd-98ce-11de-a9b2-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1a83b1fd-98ce-11de-a9b2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
    Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
    Drivers32:64bit: MSVideo - vfwwdm32.dll (Microsoft Corporation)
    Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
    Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/07 16:42:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
    [2010/09/01 10:13:24 | 000,242,176 | ---- | C] (Security Suites Corporation) -- C:\Users\Steve\AppData\Local\syssvc.exe
    [2010/08/29 08:09:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\sryipycgi
    [2010/08/13 04:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/13 04:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/08/12 13:27:05 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
    [2010/08/12 13:27:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
    [2010/08/12 13:26:40 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
    [2010/08/12 13:26:37 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/08/12 13:26:24 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
    [2010/08/12 13:26:22 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2010/08/12 13:26:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2010/08/12 13:26:22 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2010/08/12 13:26:21 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2010/08/12 13:26:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2010/08/12 13:26:21 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2010/08/12 13:26:21 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2010/08/12 13:26:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2010/08/12 13:26:21 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2010/08/12 13:26:21 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2010/08/12 13:26:21 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2010/08/12 13:26:20 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2010/08/12 13:26:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/08/12 13:26:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/08/12 13:26:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2010/08/12 13:26:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2010/08/12 13:26:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2010/08/12 13:26:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2010/08/12 13:26:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2010/08/12 13:26:20 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2010/08/12 13:26:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2010/08/12 13:26:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2010/01/19 18:26:58 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Steve\AppData\Roaming\DataSafeDotNet.exe
    [2009/12/06 16:04:11 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
    [2009/12/06 16:04:11 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
    [2009/12/06 16:04:11 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
    [2009/12/06 16:04:10 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
    [2009/12/06 16:04:10 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
    [2009/12/06 16:04:10 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
    [2009/12/06 16:04:10 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
    [2009/12/06 16:04:10 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
    [2009/12/06 16:04:10 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
    [54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/08 15:53:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2E5CE89E-2BF1-40A8-926B-4F496328B539}.job
    [2010/09/08 15:53:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0B32DC5F-32A3-40BC-B76A-3728F5A1E558}.job
    [2010/09/08 15:50:18 | 002,097,152 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
    [2010/09/08 15:48:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/08 15:48:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/08 15:48:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/08 15:36:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/08 15:36:37 | 000,018,179 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
    [2010/09/08 15:36:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/07 16:47:10 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
    [2010/09/07 16:46:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/07 16:46:35 | 2110,971,904 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/07 16:45:10 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/07 16:45:10 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/07 16:45:10 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TM.blf
    [2010/09/07 07:12:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
    [2010/09/07 07:11:28 | 000,293,376 | ---- | M] () -- C:\Users\Steve\Desktop\3uo48hx0.exe
    [2010/09/01 10:13:26 | 000,242,176 | ---- | M] (Security Suites Corporation) -- C:\Users\Steve\AppData\Local\syssvc.exe
    [2010/08/29 20:50:25 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{078f975f-a676-11de-8dcf-0021705e1149}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/29 20:50:25 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{078f975f-a676-11de-8dcf-0021705e1149}.TM.blf
    [2010/08/29 15:09:55 | 000,023,552 | ---- | M] () -- C:\Users\Steve\Desktop\U-14 Girls Fall 2010.xls
    [2010/08/29 08:08:41 | 000,096,256 | ---- | M] () -- C:\Users\Steve\Desktop\0.005620001379621042.exe
    [2010/08/25 16:12:33 | 000,024,064 | ---- | M] () -- C:\Users\Steve\Desktop\U-14 Boys Fall 2010.xls
    [2010/08/23 07:30:11 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/08/23 07:30:11 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/08/23 07:30:11 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/08/21 15:58:02 | 000,192,000 | ---- | M] () -- C:\Users\Steve\Desktop\fall league matt.ppt
    [2010/08/13 05:04:27 | 000,302,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/13 04:57:16 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/08/13 04:57:16 | 000,001,866 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/08/13 04:53:25 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/07 16:46:35 | 2110,971,904 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/07 16:41:56 | 000,293,376 | ---- | C] () -- C:\Users\Steve\Desktop\3uo48hx0.exe
    [2010/09/07 16:40:47 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/07 16:40:47 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/07 16:40:47 | 000,065,536 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TM.blf
    [2010/08/29 08:08:40 | 000,096,256 | ---- | C] () -- C:\Users\Steve\Desktop\0.005620001379621042.exe
    [2010/08/23 16:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Steve\Desktop\U-14 Boys Fall 2010.xls
    [2010/08/23 16:08:59 | 000,023,552 | ---- | C] () -- C:\Users\Steve\Desktop\U-14 Girls Fall 2010.xls
    [2010/08/21 15:58:01 | 000,192,000 | ---- | C] () -- C:\Users\Steve\Desktop\fall league matt.ppt
    [2010/08/13 04:53:25 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/01/20 17:01:41 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
    [2009/12/11 18:36:59 | 000,000,680 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
    [2009/12/06 17:02:20 | 000,087,148 | ---- | C] () -- C:\ProgramData\lxeaJSW.log
    [2009/12/06 17:02:04 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
    [2009/12/06 16:56:50 | 000,173,995 | ---- | C] () -- C:\ProgramData\lxea.log
    [2009/12/06 16:09:00 | 000,726,633 | ---- | C] () -- C:\ProgramData\lxeascan.log
    [2009/12/06 16:04:12 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
    [2009/12/06 16:04:11 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
    [2009/12/06 16:04:11 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
    [2009/12/06 16:04:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
    [2009/12/06 16:04:11 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
    [2009/12/06 16:04:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
    [2009/12/06 16:04:10 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
    [2009/12/06 16:04:10 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
    [2009/12/06 16:04:10 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
    [2009/12/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
    [2009/12/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
    [2009/12/06 16:00:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
    [2009/12/06 16:00:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
    [2009/12/06 16:00:35 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
    [2009/12/03 07:21:42 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/03 07:19:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/09/20 22:39:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/09/20 18:26:51 | 000,015,360 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

    ========== LOP Check ==========

    [2010/05/31 08:50:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GARMIN
    [2009/09/26 22:58:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WildTangent
    [2010/09/07 16:47:10 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\RtlNICDiagVistaStart.job
    [2010/08/29 20:50:34 | 000,032,580 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
    [2010/09/08 15:58:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0B32DC5F-32A3-40BC-B76A-3728F5A1E558}.job
    [2010/09/08 15:58:00 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2E5CE89E-2BF1-40A8-926B-4F496328B539}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/09/03 22:06:52 | 000,005,498 | RH-- | M] () -- C:\dell.sdr
    [2010/09/07 16:46:35 | 2110,971,904 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/07 16:46:33 | 2424,713,216 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/12/11 21:39:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\user32.dll /md5 >
    [2009/04/10 23:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\WINDOWS\SysWOW64\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/01/20 19:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\WINDOWS\SysWOW64\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2006/11/02 02:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\WINDOWS\SysWOW64\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
    < End of report >

  9. #9
    Junior Member
    Join Date
    Sep 2010
    Posts
    11

    Default Extras.txt

    EXTRAS.TXT

    OTL Extras logfile created on: 9/8/2010 3:50:40 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450.71 Gb Total Space | 258.08 Gb Free Space | 57.26% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 4.60 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
    Drive E: | 0.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MELDRUM-STUDIO
    Current User Name: Steve
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 52 D6 B7 AC 3B 7B CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{10E1313C-9A5A-46A2-9C91-2FFD212BB991}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{14BD780B-A6D9-4D4E-AC72-7C6A8782AC83}" = lport=137 | protocol=17 | dir=in | app=system |
    "{57BF5756-4470-4EC3-8961-AF3DD3EA11C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{5FBF84DF-48B1-45F8-902B-6978E7472476}" = lport=138 | protocol=17 | dir=in | app=system |
    "{67541881-6916-4F8D-8772-949B09A08110}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7C2EC6D6-720E-4058-8E3E-0C465FCC8445}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8C776FF4-76DE-45A5-AB0A-277780038AD5}" = lport=445 | protocol=6 | dir=in | app=system |
    "{95EBA9E1-C47A-4FB4-A607-601069EA02B9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A9CF666F-8CCA-43D4-A7C9-33652F0C5D7C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{CD7D16AA-932A-4D57-A7B8-0D39C7E1687B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{EA196AB1-51D9-4239-83F5-1D463F12E8E9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{FE147F4E-7302-45B7-9C51-BCB6EE7A8540}" = rport=139 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05E506D7-84B3-4587-94F2-BAEC7B15F4CC}" = protocol=6 | dir=in | app=c:\windows\system32\lxeacoms.exe |
    "{1368F49D-ED4A-415E-8610-B9217813C0F4}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1379F1F7-6A18-4BAC-9F28-B9255976CF91}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{1B92086C-DAB4-43A6-8AC2-599A10456D13}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{1BAC7A3B-743C-4291-A4F6-F955972F10F7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{1BF76E0C-49C3-4E13-B8C2-AE393A1455E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{1CCD0D59-817F-4B0F-AB9A-FC5B4776B906}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{1E139BB6-9026-4A50-9D9A-464094D60316}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1F6C1844-A2A3-4435-A134-B28BDF6EC807}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{1FBEBEB6-5669-4E47-B2A5-5B8E4830202C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{204EC86A-DFB6-4915-8667-94A6DC6B3F4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{22092DA7-DDA3-4A4D-9113-B9BEC2339321}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{36E3CEB0-A8D6-4D50-B9C2-9C3238B43921}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
    "{456CB9E5-BCF6-4F54-B9FF-66D27B225361}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{478FD92F-CE4A-4249-994C-25D4D450AA37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4F021DAE-7600-4854-86CD-528D53319C22}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{52008BB4-E1FA-44AF-8C10-697FCF96CFD9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5876CBED-F4E9-4D94-B96E-FE69A27562B9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{5C5B647F-739E-42E5-80E6-FC51AAE5BA0C}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{770737A9-B921-4FCB-963D-99949BDFCCE8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{7A51CC22-B083-47C3-875C-B472963317C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{831CA45F-C0E4-4218-974F-E4ACD8D0D21F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{869AAA88-61BA-4FA6-9DA3-B066C4AC8500}" = protocol=17 | dir=in | app=c:\windows\system32\lxeacoms.exe |
    "{9DD6B3BB-311D-4A6B-A25B-A71FD5D1CAEF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{A3916B5F-CE25-4BA6-8511-E6FFA14C1316}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{A8677778-7117-4CB6-B551-087629EE825E}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
    "{ACF971CE-A95E-456B-8B0E-3DE90DD8D734}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{C0A6EADA-F6F0-4EDF-AED5-8C672955472F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C4F78966-C929-4964-A1ED-C1E8509080C2}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{DC4AA50C-F0FF-4BCE-B421-E04EF5CE2CDC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{DEBE69A8-939A-40EF-B2C8-98C4EF8540F0}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{EF287A7C-A5FD-4710-8EC1-D72CE74A10A0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{FDD6DA5E-F357-4045-9FAA-6E95F0D29DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
    "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
    "{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Lexmark S300-S400 Series" = Lexmark S300-S400 Series
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{2D6CC267-A37C-467A-92F0-CD8BAB01D1FE}" = Teacher Content for Learning Essentials
    "{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4BF1D2E7-F003-4AD9-9820-525126BA9038}" = Gotcha!
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
    "{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Aleks 3.11" = Aleks 3.11
    "Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat
    "GameSpy Arcade" = GameSpy Arcade
    "GoToAssist" = GoToAssist 8.0.0.514
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "InstallShield_{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
    "MSC" = McAfee SecurityCenter
    "RealArcade" = RealArcade
    "SelectRebatesUninstall" = ShopAtHome SelectRebates
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT081703" = Delicious 2 Deluxe
    "WT083294" = Tropical Farm
    "Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
    "Zuma Deluxe 1.0" = Zuma Deluxe 1.0
    "zumadeluxe" = Zuma Deluxe

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/25/2010 12:56:35 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3650

    Error - 8/25/2010 12:56:36 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/25/2010 12:56:36 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4649

    Error - 8/25/2010 12:56:36 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4649

    Error - 8/25/2010 12:56:37 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/25/2010 12:56:37 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5647

    Error - 8/25/2010 12:56:37 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5647

    Error - 8/25/2010 12:56:38 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/25/2010 12:56:38 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6661

    Error - 8/25/2010 12:56:38 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6661

    [ Media Center Events ]
    Error - 2/10/2010 8:23:03 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 2/14/2010 8:32:39 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 2/16/2010 12:46:04 AM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 2/21/2010 8:43:31 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 2/26/2010 8:37:12 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 3/20/2010 11:04:19 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/20/2010 9:34:20 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/17/2010 8:28:42 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/28/2010 3:27:11 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
    Description =

    Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
    Description =

    Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
    Description =

    Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
    Description =

    Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
    Description =

    Error - 9/7/2010 7:41:37 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
    Description =

    Error - 9/7/2010 7:41:38 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
    Description =

    Error - 9/7/2010 7:41:38 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
    Description =

    Error - 9/7/2010 7:43:41 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
    Description =

    Error - 9/7/2010 8:23:21 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

  10. #10
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Steveo4571,

    It's a 64bit system so that would explain the GMER problem.

    Next, Right click on OTL.exe and chose Run as Administrator to run it
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :Services
    
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
    O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
    O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    2010/09/01 10:13:24 | 000,242,176 | ---- | C] (Security Suites Corporation) -- C:\Users\Steve\AppData\Local\syssvc.exe
    [2010/08/29 08:09:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\sryipycgi
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [Reboot]
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log in your next reply.


    Try to access the internet with the infected machine. If you are able to access the internet please down load these 2 tools and post the logs.

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Right click on the file and select "Run as Adminstrator" to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A window will open on your desktop
    • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.



    Next

    Download and save to your desktop Malwarebytes Anti-Malware

    Right Click mbam-setup.exe and select "Run as Adminstrator" to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


    Next

    • Right click on OTL.exe and select "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • UNCheck the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    When the scan completes, it will open a notepad window, OTL.Txt, no Extras.Txtthis time.

    Please post back with
    • OTL fix log
    • MBRCheck log
    • MBAM log
    • new OTL.txt
    Are you on line now?

    How's the computer?

    Thanks
    Member of UNITE and ASAP

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •