
Malware Infection



A range of problems such as computer freezing, unexpected shutdown, sometimes difficulty in rebooting the computer, slow Internet Explorer browsing, Explorer shutdown, redirects from Yahoo search, CPU usage 100 percent.

Will post logs

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8289

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

12/7/2011 12:09:08 AM

mbam-log-2011-12-07 (00-09-08).txt

Scan type: Quick scan

Objects scanned: 191858

Time elapsed: 21 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)


Hello Kp15460! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check. Check the Scan All Users too.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

In your next reply, please post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt


08:00:46.0395 5980 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

08:00:48.0423 5980 ============================================================

08:00:48.0423 5980 Current date / time: 2011/12/07 08:00:48.0423

08:00:48.0423 5980 SystemInfo:

08:00:48.0423 5980

08:00:48.0423 5980 OS Version: 6.0.6002 ServicePack: 2.0

08:00:48.0423 5980 Product type: Workstation

08:00:48.0423 5980 ComputerName: KP15460-PC

08:00:48.0423 5980 UserName: KP15460

08:00:48.0423 5980 Windows directory: C:\Windows

08:00:48.0423 5980 System windows directory: C:\Windows

08:00:48.0423 5980 Processor architecture: Intel x86

08:00:48.0423 5980 Number of processors: 2

08:00:48.0423 5980 Page size: 0x1000

08:00:48.0423 5980 Boot type: Normal boot

08:00:48.0423 5980 ============================================================

08:00:57.0535 5980 Initialize success

08:01:54.0982 5768 ============================================================

08:01:54.0982 5768 Scan started

08:01:54.0982 5768 Mode: Manual; SigCheck; TDLFS;

08:01:54.0982 5768 ============================================================

08:01:57.0832 5768 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

08:01:58.0032 5768 ACPI - ok

08:01:58.0362 5768 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

08:01:58.0402 5768 adp94xx - ok

08:01:58.0502 5768 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

08:01:58.0542 5768 adpahci - ok

08:01:58.0572 5768 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

08:01:58.0602 5768 adpu160m - ok

08:01:58.0642 5768 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

08:01:58.0682 5768 adpu320 - ok

08:01:58.0822 5768 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

08:01:59.0412 5768 AFD - ok

08:01:59.0702 5768 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys

08:01:59.0822 5768 agp440 - ok

08:01:59.0892 5768 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

08:01:59.0922 5768 aic78xx - ok

08:01:59.0962 5768 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys

08:02:00.0162 5768 aliide - ok

08:02:00.0262 5768 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys

08:02:00.0372 5768 amdagp - ok

08:02:00.0412 5768 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys

08:02:00.0682 5768 amdide - ok

08:02:00.0722 5768 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

08:02:01.0162 5768 AmdK7 - ok

08:02:01.0302 5768 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

08:02:01.0552 5768 AmdK8 - ok

08:02:01.0792 5768 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

08:02:01.0822 5768 arc - ok

08:02:01.0863 5768 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

08:02:01.0903 5768 arcsas - ok

08:02:02.0113 5768 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

08:02:02.0253 5768 AsyncMac - ok

08:02:02.0513 5768 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

08:02:02.0553 5768 atapi - ok

08:02:02.0913 5768 atikmdag (c8465ed71bf898ea71c8717f2f8a5fa3) C:\Windows\system32\DRIVERS\atikmdag.sys

08:02:03.0493 5768 atikmdag - ok

08:02:03.0813 5768 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys

08:02:03.0973 5768 AtiPcie - ok

08:02:04.0323 5768 BCM43XX (6aae1042c0a572b24d2a4d6088f03392) C:\Windows\system32\DRIVERS\bcmwl6.sys

08:02:04.0693 5768 BCM43XX - ok

08:02:04.0853 5768 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys

08:02:05.0013 5768 bcm4sbxp - ok

08:02:05.0083 5768 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

08:02:05.0583 5768 Beep - ok

08:02:05.0663 5768 blbdrive - ok

08:02:05.0783 5768 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

08:02:06.0253 5768 bowser - ok

08:02:06.0343 5768 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

08:02:07.0573 5768 BrFiltLo - ok

08:02:08.0343 5768 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

08:02:08.0533 5768 BrFiltUp - ok

08:02:08.0703 5768 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

08:02:08.0833 5768 Brserid - ok

08:02:08.0883 5768 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

08:02:09.0023 5768 BrSerWdm - ok

08:02:09.0143 5768 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

08:02:09.0293 5768 BrUsbMdm - ok

08:02:09.0313 5768 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

08:02:09.0423 5768 BrUsbSer - ok

08:02:09.0493 5768 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

08:02:09.0663 5768 BTHMODEM - ok

08:02:09.0903 5768 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

08:02:10.0093 5768 cdfs - ok

08:02:10.0204 5768 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

08:02:10.0274 5768 cdrom - ok

08:02:10.0364 5768 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys

08:02:10.0474 5768 cfwids - ok

08:02:10.0514 5768 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

08:02:10.0644 5768 circlass - ok

08:02:11.0424 5768 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

08:02:11.0484 5768 CLFS - ok

08:02:12.0534 5768 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

08:02:12.0644 5768 CmBatt - ok

08:02:13.0344 5768 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys

08:02:13.0544 5768 cmdide - ok

08:02:15.0094 5768 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

08:02:15.0114 5768 Compbatt - ok

08:02:16.0504 5768 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

08:02:16.0524 5768 crcdisk - ok

08:02:17.0664 5768 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

08:02:17.0764 5768 Crusoe - ok

08:02:18.0775 5768 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

08:02:19.0175 5768 DfsC - ok

08:02:20.0765 5768 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

08:02:20.0915 5768 disk - ok

08:02:22.0475 5768 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

08:02:22.0585 5768 drmkaud - ok

08:02:23.0285 5768 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

08:02:23.0455 5768 DSproct ( UnsignedFile.Multi.Generic ) - warning

08:02:23.0455 5768 DSproct - detected UnsignedFile.Multi.Generic (1)

08:02:24.0515 5768 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys

08:02:24.0765 5768 dsunidrv - ok

08:02:26.0715 5768 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

08:02:27.0266 5768 DXGKrnl - ok

08:02:29.0006 5768 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys

08:02:29.0136 5768 e1express - ok

08:02:30.0536 5768 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

08:02:30.0836 5768 E1G60 - ok

08:02:32.0156 5768 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

08:02:32.0236 5768 Ecache - ok

08:02:33.0586 5768 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

08:02:33.0656 5768 elxstor - ok

08:02:34.0566 5768 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

08:02:34.0866 5768 exfat - ok

08:02:36.0417 5768 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

08:02:36.0487 5768 fastfat - ok

08:02:37.0557 5768 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

08:02:37.0727 5768 fdc - ok

08:02:38.0607 5768 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

08:02:38.0667 5768 FileInfo - ok

08:02:39.0797 5768 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

08:02:39.0987 5768 Filetrace - ok

08:02:42.0117 5768 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

08:02:42.0337 5768 flpydisk - ok

08:02:43.0818 5768 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

08:02:43.0868 5768 FltMgr - ok

08:02:45.0448 5768 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

08:02:45.0748 5768 Fs_Rec - ok

08:02:47.0028 5768 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

08:02:47.0128 5768 gagp30kx - ok

08:02:48.0718 5768 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

08:02:48.0948 5768 HDAudBus - ok

08:02:50.0158 5768 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

08:02:50.0538 5768 HidBth - ok

08:02:52.0129 5768 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

08:02:52.0249 5768 HidIr - ok

08:02:53.0189 5768 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

08:02:53.0259 5768 HidUsb - ok

08:02:54.0109 5768 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

08:02:54.0129 5768 HpCISSs - ok

08:02:56.0589 5768 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys

08:02:57.0109 5768 HSF_DPV - ok

08:02:57.0979 5768 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

08:02:58.0249 5768 HSXHWAZL - ok

08:02:59.0049 5768 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

08:02:59.0399 5768 HTTP - ok

08:03:00.0190 5768 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

08:03:00.0260 5768 i2omp - ok

08:03:02.0490 5768 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

08:03:02.0580 5768 i8042prt - ok

08:03:03.0420 5768 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

08:03:03.0510 5768 iaStorV - ok

08:03:04.0230 5768 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

08:03:04.0280 5768 iirsp - ok

08:03:05.0540 5768 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\drivers\intelide.sys

08:03:05.0740 5768 intelide - ok

08:03:06.0890 5768 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

08:03:07.0070 5768 intelppm - ok

08:03:08.0490 5768 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:03:09.0091 5768 IpFilterDriver - ok

08:03:10.0311 5768 IpInIp - ok

08:03:11.0941 5768 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

08:03:12.0081 5768 IPMIDRV - ok

08:03:13.0111 5768 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

08:03:13.0321 5768 IPNAT - ok

08:03:14.0591 5768 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

08:03:14.0671 5768 IRENUM - ok

08:03:15.0431 5768 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys

08:03:15.0601 5768 isapnp - ok

08:03:17.0462 5768 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

08:03:17.0862 5768 iScsiPrt - ok

08:03:19.0092 5768 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

08:03:19.0112 5768 iteatapi - ok

08:03:20.0332 5768 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

08:03:20.0422 5768 iteraid - ok

08:03:21.0872 5768 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

08:03:21.0972 5768 kbdclass - ok

08:03:23.0242 5768 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys

08:03:23.0442 5768 kbdhid - ok

08:03:25.0713 5768 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

08:03:26.0243 5768 KSecDD - ok

08:03:28.0663 5768 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

08:03:28.0773 5768 lltdio - ok

08:03:30.0433 5768 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

08:03:30.0633 5768 LSI_FC - ok

08:03:33.0283 5768 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

08:03:33.0544 5768 LSI_SAS - ok

08:03:35.0374 5768 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

08:03:35.0554 5768 LSI_SCSI - ok

08:03:36.0874 5768 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

08:03:37.0144 5768 luafv - ok

08:03:38.0254 5768 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

08:03:38.0509 5768 MBAMProtector - ok

08:03:40.0919 5768 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

08:03:42.0425 5768 mdmxsdk - ok

08:03:43.0655 5768 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

08:03:43.0735 5768 megasas - ok

08:03:45.0170 5768 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys

08:03:47.0440 5768 mfeapfk - ok

08:03:48.0835 5768 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys

08:03:49.0040 5768 mfeavfk - ok

08:03:50.0155 5768 mfeavfk01 - ok

08:03:51.0316 5768 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys

08:03:51.0756 5768 mfebopk - ok

08:03:52.0861 5768 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys

08:03:53.0261 5768 mfefirek - ok

08:03:55.0146 5768 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys

08:03:55.0931 5768 mfehidk - ok

08:03:57.0246 5768 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys

08:03:57.0406 5768 mfenlfk - ok

08:03:58.0471 5768 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys

08:03:58.0652 5768 mferkdet - ok

08:04:00.0022 5768 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys

08:04:00.0287 5768 mfewfpk - ok

08:04:02.0617 5768 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

08:04:02.0847 5768 Modem - ok

08:04:04.0372 5768 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

08:04:04.0582 5768 monitor - ok

08:04:06.0182 5768 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

08:04:06.0267 5768 mouclass - ok

08:04:07.0448 5768 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys

08:04:07.0548 5768 mouhid - ok

08:04:08.0568 5768 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

08:04:08.0753 5768 MountMgr - ok

08:04:09.0373 5768 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

08:04:09.0738 5768 mpio - ok

08:04:10.0928 5768 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

08:04:11.0308 5768 mpsdrv - ok

08:04:11.0948 5768 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

08:04:12.0008 5768 Mraid35x - ok

08:04:12.0678 5768 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

08:04:12.0938 5768 MRxDAV - ok

08:04:13.0568 5768 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:04:14.0068 5768 mrxsmb - ok

08:04:16.0559 5768 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:04:17.0219 5768 mrxsmb10 - ok

08:04:18.0239 5768 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:04:18.0719 5768 mrxsmb20 - ok

08:04:19.0479 5768 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys

08:04:19.0749 5768 msahci - ok

08:04:19.0989 5768 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

08:04:20.0109 5768 msdsm - ok

08:04:20.0349 5768 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

08:04:20.0479 5768 Msfs - ok

08:04:21.0359 5768 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

08:04:21.0409 5768 msisadrv - ok

08:04:21.0529 5768 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

08:04:21.0629 5768 MSKSSRV - ok

08:04:21.0829 5768 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

08:04:21.0999 5768 MSPCLOCK - ok

08:04:22.0069 5768 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

08:04:22.0169 5768 MSPQM - ok

08:04:22.0369 5768 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

08:04:22.0439 5768 MsRPC - ok

08:04:22.0539 5768 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

08:04:22.0649 5768 mssmbios - ok

08:04:22.0719 5768 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

08:04:22.0829 5768 MSTEE - ok

08:04:23.0169 5768 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

08:04:23.0269 5768 Mup - ok

08:04:23.0429 5768 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

08:04:24.0820 5768 NativeWifiP - ok

08:04:25.0470 5768 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

08:04:25.0560 5768 NDIS - ok

08:04:25.0680 5768 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

08:04:25.0770 5768 NdisTapi - ok

08:04:25.0870 5768 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

08:04:25.0980 5768 Ndisuio - ok

08:04:26.0190 5768 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

08:04:26.0310 5768 NdisWan - ok

08:04:26.0370 5768 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

08:04:26.0470 5768 NDProxy - ok

08:04:26.0510 5768 NEOFLTR_630_13725 (04c5887b94011fc657b623867d74f709) C:\Windows\system32\Drivers\NEOFLTR_630_13725.SYS

08:04:26.0600 5768 Suspicious file (Forged): C:\Windows\system32\Drivers\NEOFLTR_630_13725.SYS. Real md5: 04c5887b94011fc657b623867d74f709, Fake md5: 2486bd2ae8b9345592fdd37a5bc47056

08:04:26.0600 5768 NEOFLTR_630_13725 ( Rootkit.Win32.ZAccess.k ) - infected

08:04:26.0600 5768 NEOFLTR_630_13725 - detected Rootkit.Win32.ZAccess.k (0)

08:04:26.0730 5768 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

08:04:26.0890 5768 NetBIOS - ok

08:04:26.0960 5768 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

08:04:27.0020 5768 netbt - ok

08:04:27.0150 5768 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

08:04:27.0200 5768 nfrd960 - ok

08:04:27.0300 5768 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

08:04:27.0460 5768 Npfs - ok

08:04:27.0530 5768 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

08:04:27.0730 5768 nsiproxy - ok

08:04:27.0840 5768 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

08:04:28.0270 5768 Ntfs - ok

08:04:28.0530 5768 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

08:04:28.0770 5768 ntrigdigi - ok

08:04:29.0110 5768 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

08:04:29.0210 5768 Null - ok

08:04:29.0290 5768 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

08:04:29.0320 5768 nvraid - ok

08:04:29.0380 5768 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

08:04:29.0400 5768 nvstor - ok

08:04:29.0430 5768 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

08:04:29.0540 5768 nv_agp - ok

08:04:29.0560 5768 NwlnkFlt - ok

08:04:29.0600 5768 NwlnkFwd - ok

08:04:29.0750 5768 OEM02Dev (9d20fa5d8875f6063aa5e1c44446f698) C:\Windows\system32\DRIVERS\OEM02Dev.sys

08:04:30.0040 5768 OEM02Dev - ok

08:04:30.0110 5768 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys

08:04:30.0280 5768 OEM02Vfx - ok

08:04:30.0430 5768 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

08:04:30.0620 5768 ohci1394 - ok

08:04:30.0690 5768 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

08:04:30.0850 5768 Parport - ok

08:04:30.0960 5768 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

08:04:30.0980 5768 partmgr - ok

08:04:31.0040 5768 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

08:04:31.0130 5768 Parvdm - ok

08:04:31.0190 5768 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

08:04:31.0250 5768 pci - ok

08:04:31.0380 5768 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

08:04:31.0460 5768 pciide - ok

08:04:31.0560 5768 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

08:04:31.0590 5768 pcmcia - ok

08:04:31.0650 5768 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

08:04:31.0881 5768 PEAUTH - ok

08:04:32.0001 5768 pnarp (b63a3ae87ed0ac525b3aa88b39608bfc) C:\Windows\system32\DRIVERS\pnarp.sys

08:04:32.0131 5768 pnarp - ok

08:04:32.0201 5768 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

08:04:32.0271 5768 PptpMiniport - ok

08:04:32.0311 5768 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

08:04:32.0381 5768 Processor - ok

08:04:32.0531 5768 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

08:04:32.0611 5768 PSched - ok

08:04:32.0661 5768 purendis (633cc728d6493c4263368a86928b0bfd) C:\Windows\system32\DRIVERS\purendis.sys

08:04:32.0821 5768 purendis - ok

08:04:32.0891 5768 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys

08:04:33.0011 5768 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

08:04:33.0021 5768 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

08:04:33.0171 5768 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

08:04:33.0271 5768 ql2300 - ok

08:04:33.0391 5768 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

08:04:33.0421 5768 ql40xx - ok

08:04:33.0471 5768 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

08:04:33.0671 5768 QWAVEdrv - ok

08:04:33.0891 5768 R300 (c8465ed71bf898ea71c8717f2f8a5fa3) C:\Windows\system32\DRIVERS\atikmdag.sys

08:04:37.0151 5768 R300 - ok

08:04:37.0511 5768 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

08:04:37.0601 5768 RasAcd - ok

08:04:37.0671 5768 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:04:37.0751 5768 Rasl2tp - ok

08:04:37.0811 5768 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

08:04:37.0861 5768 RasPppoe - ok

08:04:37.0911 5768 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

08:04:37.0981 5768 RasSstp - ok

08:04:38.0031 5768 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

08:04:38.0121 5768 rdbss - ok

08:04:38.0171 5768 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:04:38.0251 5768 RDPCDD - ok

08:04:38.0411 5768 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

08:04:38.0591 5768 rdpdr - ok

08:04:38.0661 5768 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

08:04:38.0791 5768 RDPENCDD - ok

08:04:38.0941 5768 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

08:04:39.0031 5768 RDPWD - ok

08:04:39.0091 5768 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys

08:04:39.0231 5768 rimmptsk - ok

08:04:39.0351 5768 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys

08:04:39.0711 5768 rimsptsk - ok

08:04:40.0091 5768 RimUsb - ok

08:04:40.0161 5768 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

08:04:40.0442 5768 RimVSerPort - ok

08:04:41.0042 5768 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys

08:04:41.0302 5768 rismxdp - ok

08:04:41.0982 5768 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

08:04:42.0022 5768 ROOTMODEM - ok

08:04:42.0112 5768 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

08:04:42.0172 5768 rspndr - ok

08:04:42.0982 5768 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

08:04:43.0152 5768 SASDIFSV - ok

08:04:43.0392 5768 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

08:04:43.0742 5768 SASKUTIL - ok

08:04:44.0432 5768 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

08:04:44.0592 5768 sbp2port - ok

08:04:44.0962 5768 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

08:04:45.0082 5768 sdbus - ok

08:04:45.0382 5768 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

08:04:45.0512 5768 secdrv - ok

08:04:46.0382 5768 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

08:04:46.0702 5768 Serenum - ok

08:04:47.0542 5768 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

08:04:47.0692 5768 Serial - ok

08:04:48.0553 5768 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

08:04:48.0683 5768 sermouse - ok

08:04:49.0783 5768 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

08:04:50.0323 5768 sffdisk - ok

08:04:51.0533 5768 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

08:04:51.0673 5768 sffp_mmc - ok

08:04:52.0363 5768 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

08:04:52.0553 5768 sffp_sd - ok

08:04:53.0323 5768 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

08:04:53.0463 5768 sfloppy - ok

08:04:53.0893 5768 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

08:04:54.0123 5768 sisagp - ok

08:04:54.0253 5768 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

08:04:54.0273 5768 SiSRaid2 - ok

08:04:54.0483 5768 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

08:04:54.0513 5768 SiSRaid4 - ok

08:04:55.0153 5768 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

08:04:55.0303 5768 Smb - ok

08:04:56.0483 5768 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

08:04:56.0583 5768 spldr - ok

08:04:57.0024 5768 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

08:04:57.0354 5768 srv - ok

08:04:57.0534 5768 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

08:04:57.0844 5768 srv2 - ok

08:04:57.0934 5768 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

08:04:58.0084 5768 srvnet - ok

08:04:58.0164 5768 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys

08:04:58.0494 5768 STHDA - ok

08:04:58.0604 5768 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

08:04:58.0634 5768 swenum - ok

08:04:58.0694 5768 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

08:04:58.0714 5768 Symc8xx - ok

08:04:58.0764 5768 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

08:04:58.0804 5768 Sym_hi - ok

08:04:58.0834 5768 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

08:04:58.0854 5768 Sym_u3 - ok

08:04:58.0904 5768 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys

08:04:59.0034 5768 SynTP - ok

08:04:59.0114 5768 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

08:04:59.0374 5768 Tcpip - ok

08:04:59.0524 5768 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

08:04:59.0654 5768 Tcpip6 - ok

08:04:59.0854 5768 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

08:05:00.0134 5768 tcpipreg - ok

08:05:00.0274 5768 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

08:05:00.0354 5768 TDPIPE - ok

08:05:00.0444 5768 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

08:05:00.0514 5768 TDTCP - ok

08:05:00.0844 5768 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

08:05:00.0914 5768 tdx - ok

08:05:00.0984 5768 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

08:05:01.0014 5768 TermDD - ok

08:05:01.0094 5768 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:05:01.0164 5768 tssecsrv - ok

08:05:01.0274 5768 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

08:05:01.0374 5768 tunmp - ok

08:05:01.0474 5768 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

08:05:01.0544 5768 tunnel - ok

08:05:01.0794 5768 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

08:05:01.0844 5768 uagp35 - ok

08:05:01.0964 5768 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

08:05:02.0064 5768 udfs - ok

08:05:02.0224 5768 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

08:05:02.0384 5768 uliagpkx - ok

08:05:02.0604 5768 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

08:05:02.0634 5768 uliahci - ok

08:05:02.0734 5768 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

08:05:02.0794 5768 UlSata - ok

08:05:02.0844 5768 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

08:05:02.0864 5768 ulsata2 - ok

08:05:02.0924 5768 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

08:05:02.0974 5768 umbus - ok

08:05:03.0084 5768 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

08:05:03.0134 5768 usbaudio - ok

08:05:03.0204 5768 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

08:05:03.0254 5768 usbccgp - ok

08:05:03.0344 5768 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

08:05:03.0444 5768 usbcir - ok

08:05:03.0514 5768 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

08:05:03.0574 5768 usbehci - ok

08:05:03.0614 5768 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

08:05:03.0684 5768 usbhub - ok

08:05:03.0724 5768 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

08:05:03.0774 5768 usbohci - ok

08:05:03.0844 5768 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

08:05:03.0894 5768 usbprint - ok

08:05:03.0944 5768 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:05:03.0994 5768 USBSTOR - ok

08:05:04.0044 5768 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

08:05:04.0154 5768 usbuhci - ok

08:05:04.0194 5768 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

08:05:04.0314 5768 vga - ok

08:05:04.0414 5768 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

08:05:04.0544 5768 VgaSave - ok

08:05:04.0574 5768 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

08:05:04.0724 5768 viaagp - ok

08:05:04.0764 5768 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

08:05:04.0874 5768 ViaC7 - ok

08:05:04.0914 5768 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys

08:05:05.0174 5768 viaide - ok

08:05:05.0285 5768 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

08:05:05.0315 5768 volmgr - ok

08:05:05.0385 5768 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

08:05:05.0435 5768 volmgrx - ok

08:05:05.0495 5768 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

08:05:05.0545 5768 volsnap - ok

08:05:05.0865 5768 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

08:05:05.0895 5768 vsmraid - ok

08:05:05.0945 5768 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

08:05:06.0035 5768 WacomPen - ok

08:05:06.0155 5768 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

08:05:06.0245 5768 Wanarp - ok

08:05:06.0275 5768 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

08:05:06.0305 5768 Wanarpv6 - ok

08:05:06.0415 5768 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

08:05:06.0445 5768 Wd - ok

08:05:06.0555 5768 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

08:05:06.0635 5768 Wdf01000 - ok

08:05:06.0715 5768 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

08:05:07.0035 5768 winachsf - ok

08:05:07.0155 5768 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

08:05:07.0245 5768 WmiAcpi - ok

08:05:07.0395 5768 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

08:05:07.0515 5768 WpdUsb - ok

08:05:07.0575 5768 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

08:05:07.0635 5768 ws2ifsl - ok

08:05:07.0705 5768 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:05:07.0755 5768 WUDFRd - ok

08:05:07.0795 5768 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

08:05:07.0925 5768 XAudio - ok

08:05:07.0975 5768 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

08:05:08.0175 5768 \Device\Harddisk0\DR0 - ok

08:05:08.0205 5768 Boot (0x1200) (006591b4e9574f47530636913d7362af) \Device\Harddisk0\DR0\Partition0

08:05:08.0275 5768 \Device\Harddisk0\DR0\Partition0 - ok

08:05:08.0295 5768 Boot (0x1200) (796df7a64808ce9c1fcf4fe82cd1406a) \Device\Harddisk0\DR0\Partition1

08:05:08.0295 5768 \Device\Harddisk0\DR0\Partition1 - ok

08:05:08.0295 5768 ============================================================

08:05:08.0295 5768 Scan finished

08:05:08.0295 5768 ============================================================

08:05:08.0315 5996 Detected object count: 3

08:05:08.0315 5996 Actual detected object count: 3

08:06:22.0573 5996 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user

08:06:22.0573 5996 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:08:21.0902 5996 Backup copy not found, trying to cure infected file..

08:08:22.0011 5996 Cure success, using it..

08:08:23.0907 5996 C:\Windows\system32\Drivers\NEOFLTR_630_13725.SYS - will be cured on reboot

08:08:45.0292 5996 NEOFLTR_630_13725 ( Rootkit.Win32.ZAccess.k ) - User select action: Cure

08:08:45.0294 5996 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

08:08:45.0294 5996 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:10:22.0322 4760 Deinitialize success


OTL logfile created on: 12/7/2011 8:36:30 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\KP15460\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 67.28% Memory free

3.99 Gb Paging File | 2.69 Gb Available in Paging File | 67.47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.32 Gb Total Space | 142.32 Gb Free Space | 64.60% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.27% Space Free | Partition Type: NTFS

Computer Name: KP15460-PC | User Name: KP15460 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\KP15460\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)

PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)

PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()

PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)

PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()

MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()

MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()

MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)

SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)

DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)

DRV - (purendis) -- C:\Windows\System32\drivers\purendis.sys (Pure Networks, Inc.)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)

DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071203

IE - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lancasterfire.com/

IE - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/04/08 07:12:55 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/12 02:01:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 14:38:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/07 08:27:17 | 000,000,000 | ---D | M]

Hosts file not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111112120152.dll (McAfee, Inc.)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Camera Detector] C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)

O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-4023225254-2207012466-156447195-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\S-1-5-21-4023225254-2207012466-156447195-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKU\S-1-5-21-4023225254-2207012466-156447195-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4023225254-2207012466-156447195-1000..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKU\S-1-5-21-4023225254-2207012466-156447195-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4023225254-2207012466-156447195-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-4023225254-2207012466-156447195-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-4023225254-2207012466-156447195-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\KP15460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BF64F0F-3F73-49C9-B6A8-149C3DCAF92D}: NameServer = 68.87.75.198,68.87.64.150

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A079254B-7804-483B-9A46-132415A668AC}: DhcpNameServer = 68.87.75.198 68.87.64.150

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\KP15460\Pictures\2008_001.jpg

O24 - Desktop BackupWallPaper: C:\Users\KP15460\Pictures\2008_001.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{29eb965c-89ac-11e0-8c28-001c23b106f2}\Shell - "" = AutoRun

O33 - MountPoints2\{29eb965c-89ac-11e0-8c28-001c23b106f2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{decca41f-ba23-11de-a4b3-001c23b106f2}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\{decca41f-ba23-11de-a4b3-001c23b106f2}\Shell\phone\command - "" = G:\autorun.exe

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\G\Shell\phone\command - "" = G:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/07 08:34:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\KP15460\Desktop\OTL.exe

[2011/12/07 08:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2011/12/07 08:00:18 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\KP15460\Desktop\tdsskiller.exe

[2011/12/06 19:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/11/24 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\KP15460\AppData\Roaming\Malwarebytes

[2011/11/24 10:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/11/24 10:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/11/24 10:43:21 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/11/24 10:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/11/18 12:52:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/11/14 12:34:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2011/12/07 08:34:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\KP15460\Desktop\OTL.exe

[2011/12/07 08:25:37 | 000,001,697 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk

[2011/12/07 08:19:27 | 000,000,437 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2011/12/07 08:18:39 | 000,003,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/07 08:18:39 | 000,003,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/07 08:18:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/07 08:18:26 | 2011,172,864 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/07 08:13:18 | 000,064,480 | ---- | M] (Juniper Networks) -- C:\Windows\System32\drivers\NEOFLTR_630_13725.sys

[2011/12/07 08:11:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/12/07 08:00:20 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\KP15460\Desktop\tdsskiller.exe

[2011/12/07 07:49:57 | 196,414,514 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/12/03 22:28:06 | 000,001,356 | ---- | M] () -- C:\Users\KP15460\AppData\Local\d3d9caps.dat

[2011/11/30 05:18:58 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn

[2011/11/24 17:24:10 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2011/11/24 10:43:30 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/22 04:58:57 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for

[2011/11/19 04:00:21 | 000,013,191 | ---- | M] () -- C:\Users\KP15460\Desktop\price check.odt

[2011/11/16 19:20:51 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/11/16 19:20:51 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/12/04 12:38:18 | 2011,172,864 | -HS- | C] () -- C:\hiberfil.sys

[2011/11/25 23:59:44 | 000,001,356 | ---- | C] () -- C:\Users\KP15460\AppData\Local\d3d9caps.dat

[2011/11/24 10:43:30 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/22 04:58:57 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn

[2011/11/22 04:58:57 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for

[2011/11/19 04:00:17 | 000,013,191 | ---- | C] () -- C:\Users\KP15460\Desktop\price check.odt

[2011/11/14 12:34:03 | 196,414,514 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2009/09/17 04:29:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/17 04:29:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/08/06 14:22:49 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

[2009/04/17 23:01:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/05/22 14:51:57 | 000,000,112 | ---- | C] () -- C:\Users\KP15460\AppData\Roaming\wklnhst.dat

[2008/01/28 15:08:24 | 000,036,352 | ---- | C] () -- C:\Users\KP15460\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/12/10 07:00:00 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE

[2007/12/03 08:18:16 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007/12/03 08:18:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/12/03 08:18:16 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/12/03 08:18:15 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/12/03 08:18:03 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/12/03 00:49:18 | 000,000,080 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2007/12/03 00:37:22 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:47:37 | 000,338,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2002/03/21 11:39:02 | 000,073,728 | R--- | C] () -- C:\Windows\System32\UNACEV2.DLL

[2002/03/21 09:51:52 | 000,503,808 | R--- | C] () -- C:\Windows\System32\lt_xtrans.dll

[2002/03/21 09:51:52 | 000,286,720 | R--- | C] () -- C:\Windows\System32\MrSIDD.dll

[2002/03/21 09:51:52 | 000,163,840 | R--- | C] () -- C:\Windows\System32\lt_common.dll

[2002/03/21 09:51:52 | 000,126,976 | R--- | C] () -- C:\Windows\System32\lt_trans.dll

[2002/03/21 09:51:52 | 000,069,632 | R--- | C] () -- C:\Windows\System32\lt_meta.dll

[2002/03/21 09:51:52 | 000,053,248 | R--- | C] () -- C:\Windows\System32\lt_encrypt.dll

[2002/03/21 09:51:52 | 000,020,480 | R--- | C] () -- C:\Windows\System32\lt_messagetext.dll

[2002/03/20 18:01:06 | 000,006,688 | R--- | C] () -- C:\Windows\System32\Digita.sys

[2002/03/20 18:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportUSB.dll

[2002/03/20 18:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportSerial.dll

[2002/03/20 18:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrDA.dll

[2002/03/20 18:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrCOMM.dll

========== LOP Check ==========

[2009/02/04 11:41:57 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ACD Systems

[2009/08/10 09:34:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Research In Motion

[2008/01/28 15:45:56 | 000,000,000 | ---D | M] -- C:\Users\KP15460\AppData\Roaming\acccore

[2008/01/29 18:02:28 | 000,000,000 | ---D | M] -- C:\Users\KP15460\AppData\Roaming\ACD Systems

[2011/06/29 09:28:37 | 000,000,000 | ---D | M] -- C:\Users\KP15460\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1

[2008/05/24 10:31:43 | 000,000,000 | ---D | M] -- C:\Users\KP15460\AppData\Roaming\GetRightToGo

[2009/04/29 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\KP15460\AppData\Roaming\Juniper Networks

[2011/08/17 20:57:59 | 000,000,000 | ---D | M] -- C:\Users\KP15460\AppData\Roaming\LimeWire

[2009/10/20 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\KP15460\AppData\Roaming\mjusbsp

[2009/09/20 09:15:41 | 000,000,000 | ---D | M] -- C:\Users\KP15460\AppData\Roaming\OpenOffice.org

[2008/05/22 14:51:59 | 000,000,000 | ---D | M] -- C:\Users\KP15460\AppData\Roaming\Template

[2011/09/07 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\KP15460\AppData\Roaming\WinPatrol

[2011/12/07 08:11:56 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 12/7/2011 8:36:30 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\KP15460\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 67.28% Memory free

3.99 Gb Paging File | 2.69 Gb Available in Paging File | 67.47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.32 Gb Total Space | 142.32 Gb Free Space | 64.60% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.27% Space Free | Partition Type: NTFS

Computer Name: KP15460-PC | User Name: KP15460 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01D7C9DD-0B06-4B16-9D06-5EB967EDE767}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{076430FE-E59F-4256-9461-C99C9A429D0D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0FBCFA94-DB82-44D9-99FB-44A6A3D75C1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1897B29D-F32C-4A36-982C-9EC6EB6E8934}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{197C8EBF-BF0F-4800-8ADD-7ADE80FC0D4E}" = rport=10243 | protocol=6 | dir=out | app=system |

"{2F42359E-9D17-4A12-9268-0F131FE62828}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

"{315B0F0B-D90D-4398-AF5A-6364D8A722CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{339F30EF-2456-4A66-A9C7-880E0646BEF7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{475C0E68-6CAB-4794-AA4E-0845C849319A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{69207C5B-9A28-4737-B7CF-C028E83B2555}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6F7C90AC-AA81-493C-9869-8907D0A5C6D6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7C4265AA-99DA-49B8-9419-703937556A3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8065DC41-8E5F-457F-B847-8C169387DEA5}" = rport=2869 | protocol=6 | dir=out | app=system |

"{8B8760D4-2CD3-4CF7-AB82-81D85FBFC7C2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9A5CDD4F-E381-4BAF-A873-90AF63CD606E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9E1C8EB1-27C3-4C0D-A28F-7F8DD5C467F2}" = lport=10243 | protocol=6 | dir=in | app=system |

"{B93CD8E2-4E47-476A-B12F-6CB9FBE2B7FA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{BE16316E-B124-4223-AA69-E9462B17F404}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{C02EF8E5-8573-49BA-8E33-421A61EBFDDA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D0B5186C-A190-4A8F-9EAC-0FC9A85AD4B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DC3D9C74-48AC-4188-920E-912F1B256EA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{E31C5488-B15D-4B91-B5E4-8F3CAC8EF84A}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

"{F0E72DC7-9E51-4C40-B27B-66C188D67856}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F8D66C5C-8526-41AC-83A1-80CC20159D56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B498836-1E20-4E2C-A0F0-8FBB19D869D8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{0C259E01-052D-4DAF-B7E6-DCAEE3F3B48E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{117B5DC5-7AB7-469C-8DBE-97D00737A3BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1593979D-4DFD-4270-81E8-355A1C034E94}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |

"{1AD78CDE-9E3F-4F5D-8B1E-76BB80273ED6}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |

"{234AA53E-B025-4610-A313-6871E36B8CF3}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"{29447ACF-6602-4A44-8362-6A693A24988F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{411D22EA-70A3-4577-8AFE-F3EE7DB4EF6D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |

"{51B51DC9-AF94-4BF5-BDBB-6520B15A8123}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{55F05510-D0BD-49AD-B300-492476E872B9}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"{5A556F66-2E2B-4996-AE27-27B11F49C8E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5DBF6091-9F5E-4EB3-A5A1-C729B2DA47DB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{62806CEB-2EE5-4FB3-9C3A-C05A76952D7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{72E57749-F178-451A-B837-6EEF2AF72CC8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7AFF94CA-2567-4D25-AA2F-E6812861678D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7B1E1B53-7C90-41FC-9FD9-D21C069DAEC7}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |

"{80A2AA21-AF25-4E98-8CE2-8EB641A0C371}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8355D0F6-CBA4-43DC-A0B7-1920FE2F007E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{871B39AD-FF44-42FE-B6C7-BCB0AA2B2213}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{8E3C27E3-4AEB-4072-B2A4-B1F04A9F8931}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{965F3504-0167-404D-A7AE-52FC90D45575}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{9B621249-071F-4EF7-A9F6-0EDC6185494C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{B7C4BD57-BD59-4748-80F6-C676D1ED63D9}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{B9329607-FA3B-4CCC-AFAF-36A16610A26C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{BAEFAD7A-2C70-4766-91EB-712262333439}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |

"{C19D440F-5F39-4E17-807F-25FB2600275D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C74C274F-49A1-40AD-A777-436242D156E9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{D4AF5BAA-9E5C-46A9-9D82-DA4220816303}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

"{EEDE41F3-4265-4DA8-A079-312490266D31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F07D7342-5E0E-4B09-81AC-B77C2D876ADC}" = protocol=6 | dir=out | app=system |

"{F165E848-29A5-431F-9F6D-22AE199F6C9A}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{F22BF740-0980-46F5-87B7-9AC7470BDD79}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{FB8E777B-AB5C-43AD-A60C-04CE90867841}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |

"{FCF839DF-FD64-459C-BE4B-59272560B91A}" = protocol=6 | dir=out | app=system |

"{FFAC21E3-E870-46F5-A5E3-C5D099E80EB4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{0BB31A24-2DF9-4C37-B582-54AE9537F787}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |

"TCP Query User{4CB4EF67-2405-4FA6-A885-0A6CFA07C61F}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"TCP Query User{69B31BA2-5A30-42F1-A348-BBD9641F156E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{EFB307E6-AAAE-4DD4-92BA-12C76B6A63AB}C:\program files\global star software\airport tycoon 3\at3.exe" = protocol=6 | dir=in | app=c:\program files\global star software\airport tycoon 3\at3.exe |

"UDP Query User{35C3A71A-F230-472D-9AAB-AB0731CE0A9B}C:\program files\global star software\airport tycoon 3\at3.exe" = protocol=17 | dir=in | app=c:\program files\global star software\airport tycoon 3\at3.exe |

"UDP Query User{3A76A983-C75B-4F3D-A4F5-78D1C6BF98AF}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |

"UDP Query User{98D98851-59BD-4133-978C-5B26DB23AAAE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{D66313B0-C710-4F6A-AC73-077856EBF324}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol

"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call

"{02C85D5D-77CA-7173-5775-AFB9CC835F33}" = CCC Help Finnish

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{0A331B03-B20D-D63E-7CFA-6DE03CD85972}" = CCC Help Chinese Traditional

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet

"{179950A7-026A-3F96-9540-3C528A96C5C0}" = Catalyst Control Center Localization Danish

"{1882BDBB-0DFD-FAE6-77FA-E3445D821F18}" = CCC Help Norwegian

"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2452E3E3-B627-7371-F43F-68149C528556}" = CCC Help French

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 26

"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D

"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{310A99AD-E8DD-CF60-CDD3-ED197E106A80}" = Catalyst Control Center Localization Russian

"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{36D252B0-6856-4395-4BBE-DEC2E56DCB24}" = Catalyst Control Center Localization Dutch

"{3736E75B-0FD7-F5A3-15F1-EE07B633AEE5}" = Catalyst Control Center Localization Finnish

"{393AAD92-9760-9B0D-43C1-C6C5E89EFA67}" = Catalyst Control Center Localization Swedish

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{4248C264-C1BF-8414-4B16-F61FF0BC49A7}" = Catalyst Control Center Localization Spanish

"{48FC3614-221A-4272-5AFC-50EC406606FE}" = Catalyst Control Center Localization Chinese Traditional

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A2BD145-6614-B0A5-0E1A-5367A3451691}" = CCC Help Chinese Standard

"{55D070A2-9EA5-8C26-5F74-835BAC086523}" = Catalyst Control Center Localization German

"{59361F9F-A413-83EC-E269-6D34CC697878}" = CCC Help Portuguese

"{5B9A8ECB-A06B-A5AF-A7AD-B2E1A9B09AE8}" = CCC Help Korean

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{66039B36-96AE-40D1-8A32-071F7A61B738}" = Microsoft LifeChat

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{6BAFE5C7-FAAE-7F8C-39C0-BA8BD7A6786F}" = Catalyst Control Center Localization Chinese Standard

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{72BBAAE1-61A5-5F40-9BF3-95992B29F8A7}" = Catalyst Control Center Graphics Full Existing

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{7A97828F-C89C-C290-E11D-57A33DD523CB}" = Catalyst Control Center Localization Portuguese

"{7D3A926D-D61E-6063-1C0D-18A4365D5033}" = ccc-core-static

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7E532356-3BAE-4832-A253-2F1094FE5C40}" = Catalyst Control Center Localization Norwegian

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{88937F68-8C7A-A5DC-4004-2A2E0ECCC2DB}" = Catalyst Control Center Localization Japanese

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup

"{9C454737-22A5-43F6-B09F-A4B3F7BD3468}" = CCC Help Spanish

"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect

"{9C769AD0-00EE-8A6A-8C2A-F51BAABCCE02}" = CCC Help Dutch

"{9E3DCAB8-285C-464F-DBCB-0052F92FEEF2}" = Catalyst Control Center Graphics Light

"{A8B9FBF8-7986-6CF7-C31C-20A19E7D1717}" = ccc-utility

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6

"{ACB4C93A-594E-E76A-3349-EEF2D6A723D6}" = Catalyst Control Center Localization Italian

"{ACDF5DEF-413F-A546-6F35-66CE215BDCCB}" = Skins

"{B2BFD108-1E93-06C5-F34E-48B92C358EDD}" = CCC Help Swedish

"{B970E87C-274D-5ADC-41BB-8C81926AF300}" = CCC Help Russian

"{BDB86C0A-0F05-CB9F-24B0-ADBA2D0768CA}" = Zoosk Messenger

"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C6CC1EA6-12E2-219A-F8A1-1058AB678E08}" = CCC Help Italian

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF8BA296-55D7-8B51-6C4E-4789A1D003BE}" = Catalyst Control Center Localization French

"{D1CB9533-B129-40B7-9B11-BB444BF52403}" = Pure Networks Platform

"{D62A9D43-39A4-337B-A432-1C6DB13087B8}" = CCC Help English

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher

"{D8210D47-2F24-99C7-9183-E093FBF14D92}" = CCC Help Japanese

"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials

"{DCDCFE99-36A7-6B89-8329-BAB033D99577}" = CCC Help German

"{DE623944-11D0-4CD3-17BE-FDF0F5309FD5}" = CCC Help Danish

"{E194308F-9718-7425-BCC1-FAAF46A188CB}" = Catalyst Control Center Core Implementation

"{E314D889-0C82-9F5F-A9EE-699109226856}" = Catalyst Control Center Graphics Full New

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E492D880-0B07-4769-9E92-6C2B7DE37716}" = Linksys EasyLink Advisor

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update

"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver

"{EED5156C-4BA8-4105-A506-DB9D00F8B68D}" = ACDSee for PENTAX

"{EFBE2318-89B7-4A5F-8912-23DB04761C31}" = Catalyst Control Center - Branding

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FF61246F-8BD1-165A-5F50-B6DFECE53025}" = Catalyst Control Center Localization Korean

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Advanced Video FX Engine" = Advanced Video FX Engine

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger

"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)

"Dell Webcam Center" = Dell Webcam Center

"Dell Webcam Manager" = Dell Webcam Manager

"ESET Online Scanner" = ESET Online Scanner v3

"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"InstallShield_{E492D880-0B07-4769-9E92-6C2B7DE37716}" = Linksys EasyLink Advisor

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MSC" = McAfee AntiVirus Plus

"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager

"QuickTime" = QuickTime

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"SynTPDeinstKey" = Dell Touchpad

"ViewpointMediaPlayer" = Viewpoint Media Player

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4023225254-2207012466-156447195-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Juniper_Networks_Cache_Cleaner 6.3.0" = Juniper Networks Cache Cleaner 6.3.0

"Juniper_Setup_Client" = Juniper Networks Setup Client

"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Step 1

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 2

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-4023225254-2207012466-156447195-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found

:Commands
[emptytemp]
[resethosts]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done, it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
