Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer running slow, possible virus Malicious Packer?

Started by klinehan , Oct 16 2011 01:14 PM

  • Please log in to reply

#1
klinehan
Posted 16 October 2011 - 01:14 PM

klinehan

    New Member

  • Member
  • Pip
  • 9 posts
Hello:

Some symptons, so far:

.Computer is running slow.
.Google Chrome will not load any web pages.
.Many programs will stall with a "not responding" error.
.When I try to open Microsoft Word, it states that there is insufficient memory, even though I have 4gb of RAM.
.It takes a very long time to shut down the computer.

I tried running a Windows Memory Test Diagnosis and it stalled twice in the middle of the scan.

I ran a full PC Tools Spyware Doctor Scan (fully updated) and it said there were no infections, although the program seem to stall at 75% complete. It ran but the completion bar did not move.

I did run a PC Tools Spyware Scan on a suspect flash drive I had recently used and it did detect a virus called: HeurEngine.MaliciousPacker. I am assuming the problems are caused by this (although my Spyware Doctor Scan did not find that virus on the computer itself.)

I had to run the computer in Smart Mode so I could access the Geeks to Go webpage. I also had to run the OTL in Smart Mode, so I hope this does not affect its results.

Thanks in advance.








OTL Extras logfile created on: 10/16/2011 2:39:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 71.36% Memory free
8.09 Gb Paging File | 7.10 Gb Available in Paging File | 87.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.01 Gb Total Space | 161.70 Gb Free Space | 57.14% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 3.44 Gb Free Space | 22.94% Space Free | Partition Type: NTFS

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.scr [@ = AutoCADScriptFile] -- C:\Windows\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = CE 71 05 22 F3 17 CC 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C309F2-52D4-47B6-843D-ED011F75E1CA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{24157DD5-06BF-4DDC-A04F-6A73384F46BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{28BF2CC7-B514-4D3B-B3B2-9975984BC577}" = lport=138 | protocol=17 | dir=in | app=system |
"{331EA553-9349-4BB2-962C-E07C2B8DB89B}" = rport=137 | protocol=17 | dir=out | app=system |
"{3B6AEABB-D5E8-48F2-95B7-91B7EDD8CA19}" = rport=138 | protocol=17 | dir=out | app=system |
"{5A8F8304-C03E-4648-8F22-F03647B7C973}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C1C0B2B-7B7F-43D3-8265-D401F83324B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6F39D91F-5BF5-4F1F-AC2E-86F4C539F342}" = lport=137 | protocol=17 | dir=in | app=system |
"{742D4842-E684-4AB7-A179-519D4E1B0FE0}" = rport=139 | protocol=6 | dir=out | app=system |
"{7DBB7022-CA3C-43D2-AEF4-8FBFFEBFC5B5}" = lport=139 | protocol=6 | dir=in | app=system |
"{B4A7AAC1-E6C8-4F8E-A089-1DEFC3E843D1}" = rport=445 | protocol=6 | dir=out | app=system |
"{D4390675-6153-4063-9D20-BB7AFCA8C5A0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{E003B555-9367-4E6E-84E3-2D43E4C94B5D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{E67E61B1-AA37-40CA-A39A-E98901D96CD7}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E5B1893-38FB-4901-B7CB-8F81F7D53A38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{19F61B36-461D-475F-80A6-81D3ED4BE1FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2CD0FB0E-3B62-4576-AE0E-BF9FA6D4A54D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3CCE50B1-D6C3-4B42-A5FE-88C315D0AD9F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4734FF4C-76EB-499C-853A-B8AB081A882E}" = protocol=6 | dir=in | app=c:\users\kyle\appdata\roaming\dropbox\bin\dropbox.exe |
"{5ABDC3F3-7FDD-4629-B7A5-611D53913295}" = protocol=1 | dir=in | [email protected],-28543 |
"{7AC47DD9-8C85-4BAB-9356-50FE53BAF6DD}" = protocol=17 | dir=in | app=c:\users\kyle\appdata\roaming\dropbox\bin\dropbox.exe |
"{7D514BA0-0A34-41E5-B3C1-BE73329E1F65}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8421D48C-F90C-4436-824C-CBDE5C63477E}" = protocol=6 | dir=in | app=c:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe |
"{97CF7265-D2F8-45D0-99D5-AF49E0158D81}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{9E45731D-E290-41B1-9D4A-9FA64AC0A5C0}" = protocol=58 | dir=out | [email protected],-28546 |
"{9E83E95A-9DF8-4B04-A852-9781AF6461C7}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{A836202A-01BD-43AF-974F-AF8828B1CBEE}" = protocol=17 | dir=in | app=c:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe |
"{AAB509F0-744E-44DE-9478-DD721ACD610B}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{C5953F19-1DC7-4E10-B921-C6D2CA6DCF0D}" = protocol=1 | dir=out | [email protected],-28544 |
"{E0769EF3-5133-4C37-98A8-C3653766B7A7}" = protocol=58 | dir=in | [email protected],-28545 |
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{E69462A7-9AF5-4CC7-B30A-CE169DA36C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{F37E7452-722F-4160-99D0-1818F23AED28}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{F72FF3D5-1698-42F1-9370-1AAAEF0623D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{02B4763E-5AC6-4106-A898-14BF34D1B3EA}C:\program files\proengineer schools edition\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proengineer schools edition\x86e_win64\obj\xtop.exe |
"TCP Query User{1FE7B731-DC05-4DB5-948A-BB13D2DBEACC}C:\program files (x86)\proengineer schools edition 4\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\proengineer schools edition 4\i486_nt\obj\xtop.exe |
"TCP Query User{2F847F92-E225-4F27-A75E-42498BFACF05}C:\program files (x86)\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe |
"TCP Query User{411B9254-1746-4B6C-A1AC-DB9442B6899E}C:\program files (x86)\proengineer schools edition 4\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\proengineer schools edition 4\i486_nt\nms\nmsd.exe |
"TCP Query User{494C2667-B99D-4F2B-9159-2FBDDB4CC7DD}C:\program files\proengineer schools edition\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proengineer schools edition\x86e_win64\nms\nmsd.exe |
"TCP Query User{4CCF2879-9506-4536-AE12-49D0C52E00C6}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{5064E1B9-F2AB-4308-9913-69AD7F6F4F56}C:\program files (x86)\proengineer schools edition\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\proengineer schools edition\i486_nt\obj\xtop.exe |
"TCP Query User{6D40CA68-406C-436D-B274-3A9403A56455}C:\program files\proengineer schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proengineer schools edition\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{6FC836AD-16BD-419E-B2DE-7B3047F1052C}C:\program files (x86)\proengineer schools edition\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\proengineer schools edition\i486_nt\nms\nmsd.exe |
"TCP Query User{C7BFDC67-3A96-4D75-8F15-00EAF627B02F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{EF5FC78A-A702-4C10-A6F3-30615AEFFA8B}C:\program files (x86)\proengineer schools edition 4\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\proengineer schools edition 4\i486_nt\obj\pro_comm_msg.exe |
"TCP Query User{FC1C0CCF-BE11-4597-8A1F-4F19D9EF499A}C:\users\kyle\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\kyle\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{04811FD5-4FA8-4325-BA93-9D8FF1648350}C:\program files (x86)\proengineer schools edition\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\proengineer schools edition\i486_nt\nms\nmsd.exe |
"UDP Query User{04B69BEE-9197-44A8-8277-7B0950689E04}C:\users\kyle\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\kyle\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{04CE3E8E-6EB5-407E-8D35-D633517D2166}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{0D762420-8BFF-4754-89F8-A8D5E5A48DD5}C:\program files\proengineer schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proengineer schools edition\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{1764DA62-6EBA-4126-BC48-FE2D0BC52A71}C:\program files (x86)\proengineer schools edition 4\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\proengineer schools edition 4\i486_nt\nms\nmsd.exe |
"UDP Query User{57AB6B52-5488-47F1-B2F5-B83BF587AF99}C:\program files (x86)\proengineer schools edition\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\proengineer schools edition\i486_nt\obj\xtop.exe |
"UDP Query User{76886808-5AF2-414C-A5DA-59E00B0A4746}C:\program files\proengineer schools edition\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proengineer schools edition\x86e_win64\nms\nmsd.exe |
"UDP Query User{86FE18E1-6432-4D7D-8564-0622C9C95C0A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{9200D8DC-90B2-4277-84AC-42B4366C04B8}C:\program files (x86)\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe |
"UDP Query User{94C56D2B-DF40-4390-B220-5E4F31B46AC5}C:\program files (x86)\proengineer schools edition 4\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\proengineer schools edition 4\i486_nt\obj\xtop.exe |
"UDP Query User{B5E58CA3-F648-414F-838A-2EA4B888D122}C:\program files\proengineer schools edition\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proengineer schools edition\x86e_win64\obj\xtop.exe |
"UDP Query User{F27AB7B6-72C5-4876-AC41-19A1D7DFAA8C}C:\program files (x86)\proengineer schools edition 4\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\proengineer schools edition 4\i486_nt\obj\pro_comm_msg.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1E4843DA-C46B-498D-93DE-0A65D1991E6B}" = Kensington Display Adapter
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}" = HP Officejet All-In-One Series
"{54B94792-8FD4-460E-998E-3F8A8598AC02}" = LEGO MINDSTORMS NXT Driver for x64
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{7924F1F6-D445-4C97-8136-99069421F467}" = ProductView Express 9.1
"{7FA96ABF-DFEA-4610-A89B-BBA8969A3493}" = NI VC2005MSMs x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8B32610C-ADE1-49C1-BB38-3354900DC36C}" = NI-ORB 1.6.0f0 for 64 Bit Windows
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90274FD7-0757-4F44-94C5-994FDB93B8ED}" = NI-PAL 2.0.0f0 for 64 Bit Windows
"{9077436C-73C8-41B8-BF12-C35E7C0CB3D5}" = NI-VISA x64 support 4.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E73823F-FFDA-4E2E-B74C-7D4487788A61}" = Pro/ENGINEER Thumbnail Viewer 1.0
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B3C114BD-4E22-4733-87B3-AC5F5FE72368}" = DisplayLink Core Software
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EF99B488-D510-4463-9DB8-C7FFB47858F0}" = NI-DIM 1.6.0f0 for 64 Bit Windows
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Support Center" = Dell Support Center
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Pro/ENGINEER Schools Edition Release Wildfire 5.0 Datecode M040" = Pro/ENGINEER Schools Edition Release Wildfire 5.0 Datecode M040
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{129024FF-A6C9-4696-91BC-570C6C05193A}" = Windchill ProductPoint Client Manager
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1461AA33-AB75-4E27-A832-CA0328AD7FAA}" = LEGO MINDSTORMS Edu NXT - English Language Pack
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BE08195-5CFE-41D5-B224-940EF06B9BCE}" = NI-PAL 2.0.0f0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 26
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32C7D34A-4ADF-46F1-9E75-A3E446A76D10}" = LEGO MINDSTORMS Edu NXT Software v1.1
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{395AD660-EAA2-012B-ADE3-000000000000}" = TurboTax 2009 wmaiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{40724630-C95F-449d-B71D-777CFDE9EA21}" = J5700
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{5783F2D7-0201-0409-0000-0060B0CE6BBA}" = AutoCAD 2004
"{5D0F0C1F-46B0-4AA2-B8DC-02E5FE777C19}" = 5700_Help
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67DFA904-E2FE-4970-90B9-6218DFF1CE90}" = NI-DIM 1.6.0f0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B3AD61D-3836-4792-95AA-DB63DDC5B008}" = NI-ORB 1.6.0f0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B073FE8-ED47-439E-94A9-68C1B8242FC1}" = NI-RPC 3.3.1f0
"{8ED929E5-37D5-4E01-8052-4FF5E67F403D}" = OverDrive Media Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A225C44C-0C31-4A45-B97F-B308212EA79A}" = NI Certificates Deployment Support
"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A5CE71BF-D4B2-4D29-B6EA-BC28AA9F4DD1}" = NI-VISA Runtime 4.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B72EB184-2A42-4B3C-8F8F-D7EF163829B4}" = SMART Board Software
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BFEA2222-557D-4F0D-B1AE-64EECBCA2747}" = NI VC2005MSMs x86
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C383CBAD-61FA-417E-B784-2E9F1E843DF2}" = TurboTax 2010 wmaiper
"{C432A2DA-6A08-4BA0-812E-64506E019585}" = NI Uninstaller
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9710CCD-2A90-4545-B4B9-1E525FBB9195}" = SMART Essentials for Educators
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE785A57-ED40-4553-BB3B-CAA66D951CE6}" = NI EULA Depot
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E9AF380B-40FA-4D83-A5C7-A80D9BB8E566}" = LEGO MINDSTORMS NXT Edu Migration Package
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F7128E13-D676-41D2-A4DA-9EF2069A62B1}" = VMware View Client
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FEBB6476-8059-4BBB-9F51-93C3EA5559B8}" = NI MDF Support
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Algodoo_is1" = Algodoo v1.8.0
"Autodesk Express Viewer" = Autodesk Express Viewer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"ExamView ActiveX Control v2" = ExamView ActiveX Control v2
"ExamView Pro" = ExamView Assessment Suite
"FreeFileSync" = FreeFileSync v3.13
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"Graph_is1" = Graph 4.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NI Uninstaller" = National Instruments Software
"Picasa 3" = Picasa 3
"Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M030" = Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M030
"Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092" = Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092
"Robolab 2.9.4" = Robolab 2.9.4
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"TestGen" = TestGen
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"webmmf" = WebM Media Foundation Components
"West Point Bridge Designer 201012.0.4" = West Point Bridge Designer 2010
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Alpha Decay" = Alpha Decay
"Atomic Interactions" = Atomic Interactions
"Balancing Chemical Equations" = Balancing Chemical Equations
"Battery-Resistor Circuit" = Battery-Resistor Circuit
"Beta Decay" = Beta Decay
"Build an Atom" = Build an Atom
"Circuit Construction Kit (AC+DC)" = Circuit Construction Kit (AC+DC)
"Circuit Construction Kit (DC Only)" = Circuit Construction Kit (DC Only)
"Electric Field Hockey" = Electric Field Hockey
"Energy Skate Park" = Energy Skate Park
"Facebook Plug-In" = Facebook Plug-In
"Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab
"Forces and Motion" = Forces and Motion
"Forces in 1 Dimension" = Forces in 1 Dimension
"Google Chrome" = Google Chrome
"Gravity and Orbits" = Gravity and Orbits
"Gravity Force Lab" = Gravity Force Lab
"Ladybug Motion 2D" = Ladybug Motion 2D
"Ladybug Revolution" = Ladybug Revolution
"Magnet and Compass" = Magnet and Compass
"Models of the Hydrogen Atom" = Models of the Hydrogen Atom
"Molecular Workbench" = Molecular Workbench
"Motion in 2D" = Motion in 2D
"Neon Lights & Other Discharge Lamps" = Neon Lights & Other Discharge Lamps
"Nuclear Fission" = Nuclear Fission
"Radioactive Dating Game" = Radioactive Dating Game
"Ramp- Forces and Motion" = Ramp- Forces and Motion
"Reactants, Products and Leftovers" = Reactants, Products and Leftovers
"Reactions & Rates" = Reactions & Rates
"Rutherford Scattering" = Rutherford Scattering
"Salts & Solubility" = Salts & Solubility
"Sound" = Sound
"States of Matter" = States of Matter
"The Moving Man" = The Moving Man
"The Ramp" = The Ramp
"Torque" = Torque

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2011 5:29:35 AM | Computer Name = Kyle-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/29/2011 3:20:32 PM | Computer Name = Kyle-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/29/2011 3:23:04 PM | Computer Name = Kyle-PC | Source = Perflib | ID = 1010
Description =

Error - 9/29/2011 3:23:06 PM | Computer Name = Kyle-PC | Source = Perflib | ID = 1008
Description =

Error - 9/29/2011 9:31:20 PM | Computer Name = Kyle-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/29/2011 9:31:20 PM | Computer Name = Kyle-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/29/2011 9:32:01 PM | Computer Name = Kyle-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/30/2011 5:17:34 PM | Computer Name = Kyle-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/30/2011 5:20:04 PM | Computer Name = Kyle-PC | Source = Perflib | ID = 1010
Description =

Error - 9/30/2011 5:20:06 PM | Computer Name = Kyle-PC | Source = Perflib | ID = 1008
Description =

[ OSession Events ]
Error - 6/20/2010 10:34:44 PM | Computer Name = Kyle-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32595
seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/15/2011 11:40:58 PM | Computer Name = Kyle-PC | Source = DCOM | ID = 10005
Description =

Error - 10/15/2011 11:41:00 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 10/15/2011 11:41:00 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2011 11:43:07 PM | Computer Name = Kyle-PC | Source = WinDefend | ID = 2004
Description =

Error - 10/16/2011 2:11:32 PM | Computer Name = Kyle-PC | Source = DCOM | ID = 10005
Description =

Error - 10/16/2011 2:11:40 PM | Computer Name = Kyle-PC | Source = DCOM | ID = 10005
Description =

Error - 10/16/2011 2:11:46 PM | Computer Name = Kyle-PC | Source = DCOM | ID = 10005
Description =

Error - 10/16/2011 2:11:47 PM | Computer Name = Kyle-PC | Source = DCOM | ID = 10005
Description =

Error - 10/16/2011 2:11:55 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/16/2011 2:11:55 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0

Advertisements

#2
klinehan
Posted 19 October 2011 - 08:24 PM

klinehan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I think I fixed this one on my own by doing a System Restore to a few weeks prior--It seems to have taken care of the virus.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP