Infected with TDSS & Google keeps redirecting


  • This topic is locked
14 replies to this topic

#1 mrmila

Posted 22 January 2012 - 12:50 PM

I had Vista Internet Security 2012 Virus. I removed most of the problems by following Bleeping Computer's direction at the following address http://www.bleepingcomputer.com/virus-removal/remove-vista-internet-security-2012. However TDSSKiller did not work for getting rid of the redirects. Please let me know if there is anything I can do to remove. Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_03
Run by Kellogg at 10:23:36 on 2012-01-22
Microsoft® Windows Vista™ Enterprise 6.0.6000.0.1252.1.1033.18.2046.954 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Real\realplayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\java.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uDefault_Page_URL = hxxp://www.kellogg.northwestern.edu/student/serial
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mDefault_Page_URL = hxxp://www.live.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [Qwest Personal Digital Vault] "c:\program files\qwest personal digital vault\QwestPersonalDigitalVault.exe" /m
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\users\kellogg\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{c91de044-d900-4f15-bbd1-44fd9d59b277}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{115C962E-44E8-4801-AE91-62EA5CCBCA5F} : DhcpNameServer = 129.105.49.1 165.124.49.21
TCP: Interfaces\{12145DE5-95EE-4226-9CFE-AD62030C5190} : DhcpNameServer = 165.124.49.21 129.105.49.1
TCP: Interfaces\{15930ADF-3FF7-42B2-950A-17695237B83C} : DhcpNameServer = 129.105.49.1 165.124.49.21
TCP: Interfaces\{363667E3-A6ED-4046-848D-4C155E7F1047} : DhcpNameServer = 129.105.49.1 165.124.49.21
TCP: Interfaces\{461268EF-1726-445B-9A3C-BF071C477EE4} : DhcpNameServer = 129.105.49.1 165.124.49.21
TCP: Interfaces\{87A55BB8-4208-4578-A78C-BC274220CD75} : DhcpNameServer = 129.105.49.1 165.124.49.21
TCP: Interfaces\{91FD5778-F96D-438C-86C0-D0AA7EF7FF51} : DhcpNameServer = 129.105.49.1 165.124.49.21
TCP: Interfaces\{98ADE9ED-56F4-4AFB-B10D-8552385BFD30} : DhcpNameServer = 129.105.49.1 165.124.49.21
TCP: Interfaces\{A9841409-9126-480E-B709-883A60C6F83E} : DhcpNameServer = 129.105.49.1 165.124.49.21
TCP: Interfaces\{C308C9E7-7C00-4C56-8025-94795F13B74D} : DhcpNameServer = 129.105.49.1 165.124.49.21
TCP: Interfaces\{CD1F09FF-5809-4BDC-8EC6-FB7CC30FBFAD} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{ED2F2AF8-5B17-4738-AD8B-C03D90887522} : DhcpNameServer = 129.105.49.1 165.124.49.21
TCP: Interfaces\{FEAEC80A-E7B2-491C-A46E-FF4CADC6729F} : DhcpNameServer = 192.168.1.254
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
mASetup: ccc-core-static - msiexec /fums {5CF4E506-3628-7338-E2DC-8132134AA893} /qb
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kellogg\appdata\roaming\mozilla\firefox\profiles\5l98wh1v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kellogg.northwestern.edu/student/serial/index.htm
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\kellogg\appdata\roaming\move networks\plugins\npqmp071503000010.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2006-8-30 13744]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-10-24 133944]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-2-1 2440120]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-2 55936]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-26 30152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-14 106104]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
.
=============== Created Last 30 ================
.
2012-01-18 03:23:54 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2012-01-18 03:23:30 -------- d-----w- c:\program files\common files\xing shared
2012-01-18 03:23:16 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-01-18 03:23:03 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2012-01-18 03:12:01 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-01-18 03:11:56 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-18 03:11:55 814040 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-01-18 03:11:55 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-18 03:11:55 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-18 03:11:55 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-18 03:11:54 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-01-18 03:11:54 486360 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-01-18 03:11:54 2124760 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-01-18 03:11:54 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-01-18 03:11:53 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-01-18 03:11:53 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-01-18 03:09:45 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-01-18 03:00:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-18 02:57:24 -------- d-----w- c:\users\kellogg\appdata\local\Secunia PSI
2012-01-18 02:57:11 -------- d-----w- c:\program files\Secunia
2012-01-18 01:57:59 -------- d-----w- c:\users\kellogg\appdata\roaming\Malwarebytes
2012-01-18 01:57:46 -------- d-----w- c:\programdata\Malwarebytes
2012-01-18 01:57:43 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-18 01:57:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-02 17:06:57 -------- d-----w- c:\program files\iPod
2012-01-02 17:06:53 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 10:25:03.06 ===============


#2 etavares

  • Malware Response Team

Posted 28 January 2012 - 07:53 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 mrmila

Posted 29 January 2012 - 10:04 AM

Below are the two OTL files and GMER log. Still having issues but now I cannot even get access to the internet unless I am in safe mode. Look forward to any thoughts you have! Thanks, Matt

OTL Extras logfile created on: 1/28/2012 6:56:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kellogg\Downloads
Windows Vista Enterprise Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.26% Memory free
4.21 Gb Paging File | 3.87 Gb Available in Paging File | 91.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 57.90 Gb Free Space | 62.15% Space Free | Partition Type: NTFS
Drive D: | 682.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MRM409-T60P | User Name: Kellogg | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F47EFB-3F23-45FB-90D9-714CF1BBE077}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{08568DD9-A641-4F5D-9E37-38C1EAB5329F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0E6CDE3D-68ED-4144-B746-5BF2296CC6F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2CA1D2C2-ED52-48F7-9095-5E078C646F72}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F0D028E-4D7B-4280-A747-5ECB6EC3456A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{438AEB1A-7AC2-4183-9970-3CAC900CE7ED}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner |
"{4551BBEF-E18E-4B0C-8775-24480623FB72}" = lport=137 | protocol=17 | dir=in | app=system |
"{702A1B67-9783-4FE1-9A82-88C9D71C1E98}" = lport=139 | protocol=6 | dir=in | app=system |
"{73AF7CB8-6D9B-4DD9-AC5D-AE4F0AB2AFC1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9443B7C8-25F9-4AB7-9463-6F87630C14B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B5415CC-06E0-45DA-A775-38BA64BDAEA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0DB78A1-2968-4F8B-83C5-CF708202A556}" = rport=139 | protocol=6 | dir=out | app=system |
"{C03EDC34-7ECA-4DC1-8DC4-861137E3269F}" = lport=138 | protocol=17 | dir=in | app=system |
"{C1FA7A07-CE8B-4C55-AFA5-DA8BB43C7A3E}" = rport=137 | protocol=17 | dir=out | app=system |
"{D79A79F6-721C-4075-9CB5-3251A8A0087C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E91C810F-BE04-464F-ACBB-B6458684BB1E}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A29EB01-8BAE-4EC2-9392-11497C6F3C19}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{10C39526-C1C6-4B52-8F13-CAE7C361D428}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{111D6DC7-FACE-4213-9C1B-FE5DD62D2946}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2076BD0E-FDBF-470A-B82F-1E318D4F9028}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2DDE9205-6762-4ACE-8E7B-0C3C2E0DEB96}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{337AD207-9B3B-460A-A122-F3315C0DF66E}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl07b\faxrx.exe |
"{43B76E95-CEDF-4BD0-AD78-E070D87BFD06}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56F24AAA-B647-46D7-8D01-4476649DD7B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76C76C7D-246C-44C9-8F95-75ECCA4E27E0}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{7731D2B0-603C-4BA6-8CCB-E5911B93F434}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{784811B7-DCC5-4318-B1FA-6949411A2E4A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AE01DF4-A3D1-46B3-B6FE-FF5CA6178036}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{84C3A29A-A453-4DCD-A752-BB364657078D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{88CD8CEA-BE6B-4C74-95E2-629473895F1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{94024FD0-C13B-4280-A9A4-70DDDCD525F0}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{9434E4C3-D045-4646-B422-069DBEA827CD}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{9A9065EB-5FD9-469B-AB05-BB9B570BB51E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A771CA0D-A988-4C64-A8B7-C96D3F99656C}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl07b\faxrx.exe |
"{C1856BD5-A9F5-4882-9458-0E38545149D0}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{D81C122E-5007-4E88-9512-2858E683662D}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{E7DE207E-4684-417F-BD25-CCBA230553C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA228BBE-FE21-4C74-B64B-A6B49B634048}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"TCP Query User{9D6CDCA0-7E97-4191-B0C2-A0C8C413E9BA}C:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{C3AB15D0-C2E5-4069-B4CD-4A26C448D247}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{AAC54525-08A7-481E-82AD-9128BD5E8425}C:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{F9FF13CF-6547-4A25-B7C9-F6669952A3CC}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0212E16E-F955-C48D-B411-04028B57A2E9}" = CCC Help Spanish
"{06639940-8095-1F30-29FD-76A400D960B1}" = Catalyst Control Center Core Implementation
"{0E5A8371-3772-93D8-C3D1-22D5595774EB}" = Catalyst Control Center Localization Swedish
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1BCC7FF2-2E02-EED8-EB08-F8C96F7BFE57}" = Catalyst Control Center Localization Chinese Traditional
"{210A0801-DC55-373E-5C1F-067BA6050BBF}" = CCC Help Dutch
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D64272E-FE6A-8973-1372-1E3A550F3696}" = CCC Help Swedish
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3152FC3C-C4DF-6240-3502-4954010BE979}" = Catalyst Control Center Graphics Previews Vista
"{317609AE-471D-3553-FFE7-ADCD726D534B}" = CCC Help Chinese Standard
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{337DBBE9-6B38-E75B-14C2-A5D4FE9D9785}" = Catalyst Control Center Localization Dutch
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34EA5FC6-6066-4A9C-0BD2-C0275810F845}" = Catalyst Control Center Localization Korean
"{37773D12-8AE3-BF47-6B83-630FEBF7969A}" = Skins
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4DCBF2AD-D7A0-A75B-80CF-F195797AD701}" = Catalyst Control Center Localization Portuguese
"{5096802A-44EC-A2FB-11E7-0501081DF38D}" = Catalyst Control Center Localization Chinese Standard
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5CF4E506-3628-7338-E2DC-8132134AA893}" = ccc-core-static
"{64E4D3F9-ED6A-94DA-6C73-1312A6310D53}" = CCC Help English
"{70E2BD16-E693-654C-225B-85CF15C9A0EC}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8203A58F-EFFE-A605-92AA-68925D5A09F1}" = Catalyst Control Center Graphics Full New
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A75DB4B-EB52-426D-97EB-0BA80B638F9F}" = Branding
"{8ACDAFF3-1231-BBFC-06CA-16F2FA456959}" = CCC Help German
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{0F5F4949-2653-4748-B055-04922F586FC8}" =
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{96387364-BD2F-DC86-A426-569CFBB13E7B}" = CCC Help Italian
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9AE320C7-B7D5-3357-BE0A-F88078F03AD7}" = Catalyst Control Center Graphics Full Existing
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{9C2123E5-4595-9723-ED1D-E6C7ACC04EE3}" = Catalyst Control Center Graphics Light
"{9DBC90A0-5F50-2554-09E5-74862157E77D}" = Catalyst Control Center Localization Italian
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFE5FC18-B775-EAA0-1605-A392B7521092}" = CCC Help Chinese Traditional
"{B55C0B33-35AC-C7FB-0D0D-A75F6B1FFE04}" = CCC Help Korean
"{B6E5C0AB-48B0-D373-A79A-536226C34B87}" = Catalyst Control Center Localization French
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BC715493-52F1-DD3F-1687-F02F7CAAC11D}" = ccc-utility
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C75CE15B-695F-AB0B-5019-36843387193C}" = CCC Help Japanese
"{C91DE044-D900-4F15-BBD1-44FD9D59B277}" = Cisco Systems VPN Client 5.0.00.0320
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D67173A8-22AB-8773-0762-1D6FF983CE62}" = Catalyst Control Center Localization German
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E1A83640-A568-4B56-A4C9-AB38C7035156}" = ThinkPad Mobility Center Customization
"{ECFE9FA7-2124-0CB5-85D5-6D525BA17171}" = Catalyst Control Center Localization Japanese
"{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}" = WebEx Meeting Manager for Internet Explorer
"{FB7A0724-F1BB-FC0A-A7FC-52B01BBF77B4}" = CCC Help Portuguese
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDFD8AE7-7ADF-5A26-0868-C9DDC800C5DA}" = Catalyst Control Center Localization Spanish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"ATI Uninstaller" = ATI Uninstaller
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClosetMaid v1.5.1" = ClosetMaid v1.5.1
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2012 2:18:34 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: C:\Windows\System32\drivers\tdx.sys
by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was
partially removed.

Error - 1/28/2012 3:09:22 PM | Computer Name = mrm409-T60p | Source = System Restore | ID = 8193
Description =

Error - 1/28/2012 4:38:03 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: C:\Windows\System32\drivers\tdx.sys
by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was
partially removed.

Error - 1/28/2012 4:39:46 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4621
Description =

Error - 1/28/2012 4:47:26 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:30 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:30 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:38 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4621
Description =

Error - 1/28/2012 4:53:21 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4609
Description =

Error - 1/28/2012 8:54:16 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4609
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 9/10/2009 4:02:12 AM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

Error - 10/12/2009 6:43:57 PM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 10/30/2011 8:16:12 PM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

[ OSession Events ]
Error - 5/4/2009 1:29:50 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 93407
seconds with 5040 seconds of active time. This session ended with a crash.

Error - 5/18/2009 11:46:15 AM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 4655
seconds with 720 seconds of active time. This session ended with a crash.

Error - 6/2/2009 1:34:06 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 70
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/2/2009 1:37:24 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 177
seconds with 120 seconds of active time. This session ended with a crash.

Error - 6/2/2009 1:39:59 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 135
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/11/2009 9:42:21 AM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7043
Description =

Error - 10/11/2009 9:44:58 AM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2009 6:45:59 PM | Computer Name = mrm409-T60p | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001B770652A3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/12/2009 6:54:23 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2009 7:07:18 PM | Computer Name = mrm409-T60p | Source = DCOM | ID = 10010
Description =

Error - 10/12/2009 7:13:31 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2009 8:32:27 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7031
Description =

Error - 10/15/2009 8:33:13 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7031
Description =

Error - 10/15/2009 8:34:13 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7032
Description =

Error - 10/15/2009 8:39:31 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =


< End of report >

OTL logfile created on: 1/28/2012 6:56:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kellogg\Downloads
Windows Vista Enterprise Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.26% Memory free
4.21 Gb Paging File | 3.87 Gb Available in Paging File | 91.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 57.90 Gb Free Space | 62.15% Space Free | Partition Type: NTFS
Drive D: | 682.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MRM409-T60P | User Name: Kellogg | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/28 18:55:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kellogg\Downloads\OTL.exe
PRC - [2011/12/21 01:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 09:01:49 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2009/04/16 14:58:33 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 14:07:10 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/02/26 14:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/02/01 22:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 01:42:18 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2006/11/02 03:46:10 | 000,227,328 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/24 09:01:49 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 00:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/05/15 16:29:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/02/26 14:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/02/01 22:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/02/01 20:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/12/10 14:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/18 03:30:43 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/08 23:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 11:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/09/26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/03/20 14:43:04 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/02 13:07:28 | 000,055,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/01/23 19:33:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/16 12:52:50 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120123.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/16 12:52:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120123.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/11 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/11 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/03 17:12:28 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/06/01 10:02:03 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/12/19 14:08:12 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/12/19 14:08:12 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/12/19 14:08:12 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/09/09 13:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/08 23:14:02 | 000,024,888 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/08 23:14:00 | 000,026,424 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2007/04/30 05:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/03/20 14:41:50 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/02 16:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 16:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/09 16:41:08 | 002,377,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/15 19:10:44 | 000,214,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 01:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/08/30 18:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2006/08/04 02:39:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kellogg.northwestern.edu/student/serial
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.kellogg.northwestern.edu/student/serial/index.htm"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kellogg\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kellogg\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Administrator\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/17 21:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/17 21:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 21:23:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Kellogg\AppData\Roaming\Move Networks [2010/01/19 19:19:22 | 000,000,000 | ---D | M]

[2009/05/05 11:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kellogg\AppData\Roaming\mozilla\Extensions
[2012/01/17 19:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kellogg\AppData\Roaming\mozilla\Firefox\Profiles\5l98wh1v.default\extensions
[2009/06/25 06:15:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kellogg\AppData\Roaming\mozilla\Firefox\Profiles\5l98wh1v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/17 21:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 01:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/17 07:02:42 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2010/10/17 07:02:42 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/12/20 23:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/20 23:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/20 23:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/20 23:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O7 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000070 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000071 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000072 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000073 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000074 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000075 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000076 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000077 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000078 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000079 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000080 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000081 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000082 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000083 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000084 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000085 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000086 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000087 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000088 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000089 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000090 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000091 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000092 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000093 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000094 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000095 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000096 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000097 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000098 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000099 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000100 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000101 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000102 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000103 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000104 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000105 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000106 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000107 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000108 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000109 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000110 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000111 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000112 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000113 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000114 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000115 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000116 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000117 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000118 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000119 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000120 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000121 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000122 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000123 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000124 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\..Trusted Domains: northwestern.edu ([clubs.kellogg] * in Local intranet)
O15 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\..Trusted Domains: northwestern.edu ([departments.kellogg] * in Local intranet)
O15 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\..Trusted Domains: northwestern.edu ([vs.kellogg] * in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{115C962E-44E8-4801-AE91-62EA5CCBCA5F}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12145DE5-95EE-4226-9CFE-AD62030C5190}: DhcpNameServer = 165.124.49.21 129.105.49.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15930ADF-3FF7-42B2-950A-17695237B83C}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{363667E3-A6ED-4046-848D-4C155E7F1047}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{461268EF-1726-445B-9A3C-BF071C477EE4}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A55BB8-4208-4578-A78C-BC274220CD75}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91FD5778-F96D-438C-86C0-D0AA7EF7FF51}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98ADE9ED-56F4-4AFB-B10D-8552385BFD30}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9841409-9126-480E-B709-883A60C6F83E}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C308C9E7-7C00-4C56-8025-94795F13B74D}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD1F09FF-5809-4BDC-8EC6-FB7CC30FBFAD}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED2F2AF8-5B17-4738-AD8B-C03D90887522}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEAEC80A-E7B2-491C-A46E-FF4CADC6729F}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1bec3e34-35d1-11de-ab8e-00197eed0616}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2006/11/02 06:35:10 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{c8b2fc3e-6f2e-11de-8ef2-00197eed0616}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 19:33:20 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/17 21:24:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/17 21:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/01/17 21:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/01/17 21:22:55 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/17 21:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/01/17 21:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/17 21:09:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/17 21:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/17 21:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/17 20:57:24 | 000,000,000 | ---D | C] -- C:\Users\Kellogg\AppData\Local\Secunia PSI
[2012/01/17 20:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/01/17 19:57:59 | 000,000,000 | ---D | C] -- C:\Users\Kellogg\AppData\Roaming\Malwarebytes
[2012/01/17 19:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/17 19:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/17 19:57:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/17 19:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/17 19:45:15 | 001,976,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kellogg\Desktop\123.exe
[2012/01/02 11:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/02 11:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/02 11:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/01/28 18:58:22 | 000,620,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/28 18:58:22 | 000,104,284 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/28 18:53:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/28 14:56:12 | 000,001,356 | ---- | M] () -- C:\Users\Kellogg\AppData\Local\d3d9caps.dat
[2012/01/28 14:47:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/28 14:41:45 | 000,003,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 14:41:45 | 000,003,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 19:33:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/22 10:22:12 | 000,000,000 | ---- | M] () -- C:\Users\Kellogg\defogger_reenable
[2012/01/17 21:23:49 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/17 21:22:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/17 21:17:32 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/01/17 21:12:03 | 000,000,870 | ---- | M] () -- C:\Users\Kellogg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/17 21:12:03 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/17 20:57:13 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/17 19:44:02 | 001,976,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kellogg\Desktop\123.exe
[2012/01/17 19:35:12 | 000,008,612 | ---- | M] () -- C:\ProgramData\84e2a78c
[2012/01/17 19:35:11 | 000,008,657 | ---- | M] () -- C:\Users\Kellogg\AppData\Local\b4d7d9db
[2012/01/17 19:35:11 | 000,008,651 | ---- | M] () -- C:\Users\Kellogg\AppData\Roaming\a54fa856
[2012/01/02 11:08:21 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/01/22 10:22:12 | 000,000,000 | ---- | C] () -- C:\Users\Kellogg\defogger_reenable
[2012/01/17 21:23:49 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/17 21:13:46 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/01/17 21:13:45 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012/01/17 21:12:03 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/17 21:09:54 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/17 20:57:13 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/17 20:57:13 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/01/16 19:43:25 | 000,008,657 | ---- | C] () -- C:\Users\Kellogg\AppData\Local\b4d7d9db
[2012/01/16 19:43:25 | 000,008,651 | ---- | C] () -- C:\Users\Kellogg\AppData\Roaming\a54fa856
[2012/01/16 19:43:25 | 000,008,612 | ---- | C] () -- C:\ProgramData\84e2a78c
[2012/01/02 11:08:21 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/15 11:25:13 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009/10/15 18:19:11 | 000,038,475 | ---- | C] () -- C:\Users\Kellogg\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/07/20 10:13:44 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/20 10:13:06 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/07/20 10:13:06 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/07/20 10:13:06 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7840w.dat
[2009/07/20 10:11:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2009/07/20 10:11:01 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009/07/20 10:10:59 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/07/20 10:10:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/07/20 10:09:10 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/05/04 13:48:42 | 000,001,356 | ---- | C] () -- C:\Users\Kellogg\AppData\Local\d3d9caps.dat
[2009/04/28 08:32:26 | 000,005,120 | ---- | C] () -- C:\Users\Kellogg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 12:55:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/22 12:17:18 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini
[2008/08/25 05:02:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\DELG1L3.DLL
[2008/08/22 06:32:18 | 000,217,088 | ---- | C] () -- C:\Windows\System32\ssminidriver.dll
[2008/08/22 06:32:18 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2008/08/22 06:32:18 | 000,011,264 | ---- | C] () -- C:\Windows\System32\sssegfilter.dll
[2008/08/22 06:32:18 | 000,010,752 | ---- | C] () -- C:\Windows\System32\sserrhandler.dll
[2007/07/06 15:11:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2007/04/27 11:23:30 | 000,146,037 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/04/27 10:04:31 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/04/27 10:04:31 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/04/27 10:01:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/04/26 12:15:07 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/20 14:43:18 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/11/02 06:56:56 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:52 | 000,374,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:36:56 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006/11/02 06:36:51 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 04:33:01 | 000,620,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,284 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2005/10/14 15:09:48 | 000,051,304 | ---- | C] () -- C:\Windows\System32\drivers\atnt40k.sys

========== LOP Check ==========

[2011/08/20 05:55:44 | 000,000,000 | ---D | M] -- C:\Users\Kellogg\AppData\Roaming\BenjaminMoore.PCV3.USEN.DA6CDF681F87B6FCFCE07B9D05DADF40E81244E5.1
[2010/10/17 07:02:43 | 000,000,000 | ---D | M] -- C:\Users\Kellogg\AppData\Roaming\Catalina Marketing Corp
[2009/06/01 10:02:02 | 000,000,000 | ---D | M] -- C:\Users\Kellogg\AppData\Roaming\Downloaded Installations
[2010/09/29 18:17:24 | 000,000,000 | ---D | M] -- C:\Users\Kellogg\AppData\Roaming\Juniper Networks
[2009/07/20 19:02:19 | 000,000,000 | ---D | M] -- C:\Users\Kellogg\AppData\Roaming\ScanSoft
[2012/01/28 14:47:43 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT


#4 mrmila

Posted 29 January 2012 - 10:06 AM

Still having issues. Now I cannot get access to the internet unless I am in safe mode. Here are the two OTL logs and the GMER log. Thanks for any help you can provide! -Matt


OTL Extras logfile created on: 1/28/2012 6:56:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kellogg\Downloads
Windows Vista Enterprise Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.26% Memory free
4.21 Gb Paging File | 3.87 Gb Available in Paging File | 91.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 57.90 Gb Free Space | 62.15% Space Free | Partition Type: NTFS
Drive D: | 682.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MRM409-T60P | User Name: Kellogg | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F47EFB-3F23-45FB-90D9-714CF1BBE077}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{08568DD9-A641-4F5D-9E37-38C1EAB5329F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0E6CDE3D-68ED-4144-B746-5BF2296CC6F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2CA1D2C2-ED52-48F7-9095-5E078C646F72}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F0D028E-4D7B-4280-A747-5ECB6EC3456A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{438AEB1A-7AC2-4183-9970-3CAC900CE7ED}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner |
"{4551BBEF-E18E-4B0C-8775-24480623FB72}" = lport=137 | protocol=17 | dir=in | app=system |
"{702A1B67-9783-4FE1-9A82-88C9D71C1E98}" = lport=139 | protocol=6 | dir=in | app=system |
"{73AF7CB8-6D9B-4DD9-AC5D-AE4F0AB2AFC1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9443B7C8-25F9-4AB7-9463-6F87630C14B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B5415CC-06E0-45DA-A775-38BA64BDAEA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0DB78A1-2968-4F8B-83C5-CF708202A556}" = rport=139 | protocol=6 | dir=out | app=system |
"{C03EDC34-7ECA-4DC1-8DC4-861137E3269F}" = lport=138 | protocol=17 | dir=in | app=system |
"{C1FA7A07-CE8B-4C55-AFA5-DA8BB43C7A3E}" = rport=137 | protocol=17 | dir=out | app=system |
"{D79A79F6-721C-4075-9CB5-3251A8A0087C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E91C810F-BE04-464F-ACBB-B6458684BB1E}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A29EB01-8BAE-4EC2-9392-11497C6F3C19}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{10C39526-C1C6-4B52-8F13-CAE7C361D428}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{111D6DC7-FACE-4213-9C1B-FE5DD62D2946}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2076BD0E-FDBF-470A-B82F-1E318D4F9028}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2DDE9205-6762-4ACE-8E7B-0C3C2E0DEB96}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{337AD207-9B3B-460A-A122-F3315C0DF66E}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl07b\faxrx.exe |
"{43B76E95-CEDF-4BD0-AD78-E070D87BFD06}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56F24AAA-B647-46D7-8D01-4476649DD7B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76C76C7D-246C-44C9-8F95-75ECCA4E27E0}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{7731D2B0-603C-4BA6-8CCB-E5911B93F434}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{784811B7-DCC5-4318-B1FA-6949411A2E4A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AE01DF4-A3D1-46B3-B6FE-FF5CA6178036}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{84C3A29A-A453-4DCD-A752-BB364657078D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{88CD8CEA-BE6B-4C74-95E2-629473895F1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{94024FD0-C13B-4280-A9A4-70DDDCD525F0}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{9434E4C3-D045-4646-B422-069DBEA827CD}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{9A9065EB-5FD9-469B-AB05-BB9B570BB51E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A771CA0D-A988-4C64-A8B7-C96D3F99656C}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl07b\faxrx.exe |
"{C1856BD5-A9F5-4882-9458-0E38545149D0}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{D81C122E-5007-4E88-9512-2858E683662D}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{E7DE207E-4684-417F-BD25-CCBA230553C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA228BBE-FE21-4C74-B64B-A6B49B634048}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"TCP Query User{9D6CDCA0-7E97-4191-B0C2-A0C8C413E9BA}C:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{C3AB15D0-C2E5-4069-B4CD-4A26C448D247}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{AAC54525-08A7-481E-82AD-9128BD5E8425}C:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{F9FF13CF-6547-4A25-B7C9-F6669952A3CC}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0212E16E-F955-C48D-B411-04028B57A2E9}" = CCC Help Spanish
"{06639940-8095-1F30-29FD-76A400D960B1}" = Catalyst Control Center Core Implementation
"{0E5A8371-3772-93D8-C3D1-22D5595774EB}" = Catalyst Control Center Localization Swedish
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1BCC7FF2-2E02-EED8-EB08-F8C96F7BFE57}" = Catalyst Control Center Localization Chinese Traditional
"{210A0801-DC55-373E-5C1F-067BA6050BBF}" = CCC Help Dutch
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D64272E-FE6A-8973-1372-1E3A550F3696}" = CCC Help Swedish
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3152FC3C-C4DF-6240-3502-4954010BE979}" = Catalyst Control Center Graphics Previews Vista
"{317609AE-471D-3553-FFE7-ADCD726D534B}" = CCC Help Chinese Standard
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{337DBBE9-6B38-E75B-14C2-A5D4FE9D9785}" = Catalyst Control Center Localization Dutch
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34EA5FC6-6066-4A9C-0BD2-C0275810F845}" = Catalyst Control Center Localization Korean
"{37773D12-8AE3-BF47-6B83-630FEBF7969A}" = Skins
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4DCBF2AD-D7A0-A75B-80CF-F195797AD701}" = Catalyst Control Center Localization Portuguese
"{5096802A-44EC-A2FB-11E7-0501081DF38D}" = Catalyst Control Center Localization Chinese Standard
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5CF4E506-3628-7338-E2DC-8132134AA893}" = ccc-core-static
"{64E4D3F9-ED6A-94DA-6C73-1312A6310D53}" = CCC Help English
"{70E2BD16-E693-654C-225B-85CF15C9A0EC}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8203A58F-EFFE-A605-92AA-68925D5A09F1}" = Catalyst Control Center Graphics Full New
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A75DB4B-EB52-426D-97EB-0BA80B638F9F}" = Branding
"{8ACDAFF3-1231-BBFC-06CA-16F2FA456959}" = CCC Help German
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{0F5F4949-2653-4748-B055-04922F586FC8}" =
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{96387364-BD2F-DC86-A426-569CFBB13E7B}" = CCC Help Italian
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9AE320C7-B7D5-3357-BE0A-F88078F03AD7}" = Catalyst Control Center Graphics Full Existing
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{9C2123E5-4595-9723-ED1D-E6C7ACC04EE3}" = Catalyst Control Center Graphics Light
"{9DBC90A0-5F50-2554-09E5-74862157E77D}" = Catalyst Control Center Localization Italian
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFE5FC18-B775-EAA0-1605-A392B7521092}" = CCC Help Chinese Traditional
"{B55C0B33-35AC-C7FB-0D0D-A75F6B1FFE04}" = CCC Help Korean
"{B6E5C0AB-48B0-D373-A79A-536226C34B87}" = Catalyst Control Center Localization French
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BC715493-52F1-DD3F-1687-F02F7CAAC11D}" = ccc-utility
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C75CE15B-695F-AB0B-5019-36843387193C}" = CCC Help Japanese
"{C91DE044-D900-4F15-BBD1-44FD9D59B277}" = Cisco Systems VPN Client 5.0.00.0320
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D67173A8-22AB-8773-0762-1D6FF983CE62}" = Catalyst Control Center Localization German
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E1A83640-A568-4B56-A4C9-AB38C7035156}" = ThinkPad Mobility Center Customization
"{ECFE9FA7-2124-0CB5-85D5-6D525BA17171}" = Catalyst Control Center Localization Japanese
"{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}" = WebEx Meeting Manager for Internet Explorer
"{FB7A0724-F1BB-FC0A-A7FC-52B01BBF77B4}" = CCC Help Portuguese
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDFD8AE7-7ADF-5A26-0868-C9DDC800C5DA}" = Catalyst Control Center Localization Spanish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"ATI Uninstaller" = ATI Uninstaller
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClosetMaid v1.5.1" = ClosetMaid v1.5.1
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2012 2:18:34 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: C:\Windows\System32\drivers\tdx.sys
by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was
partially removed.

Error - 1/28/2012 3:09:22 PM | Computer Name = mrm409-T60p | Source = System Restore | ID = 8193
Description =

Error - 1/28/2012 4:38:03 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: C:\Windows\System32\drivers\tdx.sys
by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was
partially removed.

Error - 1/28/2012 4:39:46 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4621
Description =

Error - 1/28/2012 4:47:26 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:30 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:30 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:38 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4621
Description =

Error - 1/28/2012 4:53:21 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4609
Description =

Error - 1/28/2012 8:54:16 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4609
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 9/10/2009 4:02:12 AM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

Error - 10/12/2009 6:43:57 PM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 10/30/2011 8:16:12 PM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

[ OSession Events ]
Error - 5/4/2009 1:29:50 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 93407
seconds with 5040 seconds of active time. This session ended with a crash.

Error - 5/18/2009 11:46:15 AM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 4655
seconds with 720 seconds of active time. This session ended with a crash.

Error - 6/2/2009 1:34:06 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 70
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/2/2009 1:37:24 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 177
seconds with 120 seconds of active time. This session ended with a crash.

Error - 6/2/2009 1:39:59 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 135
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/11/2009 9:42:21 AM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7043
Description =

Error - 10/11/2009 9:44:58 AM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2009 6:45:59 PM | Computer Name = mrm409-T60p | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001B770652A3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/12/2009 6:54:23 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2009 7:07:18 PM | Computer Name = mrm409-T60p | Source = DCOM | ID = 10010
Description =

Error - 10/12/2009 7:13:31 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2009 8:32:27 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7031
Description =

Error - 10/15/2009 8:33:13 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7031
Description =

Error - 10/15/2009 8:34:13 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7032
Description =

Error - 10/15/2009 8:39:31 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =


< End of report >


OTL logfile created on: 1/28/2012 6:56:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kellogg\Downloads
Windows Vista Enterprise Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.26% Memory free
4.21 Gb Paging File | 3.87 Gb Available in Paging File | 91.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 57.90 Gb Free Space | 62.15% Space Free | Partition Type: NTFS
Drive D: | 682.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MRM409-T60P | User Name: Kellogg | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/28 18:55:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kellogg\Downloads\OTL.exe
PRC - [2011/12/21 01:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 09:01:49 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2009/04/16 14:58:33 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 14:07:10 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/02/26 14:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/02/01 22:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 01:42:18 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2006/11/02 03:46:10 | 000,227,328 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/24 09:01:49 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 00:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/05/15 16:29:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/02/26 14:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/02/01 22:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/02/01 20:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/12/10 14:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/18 03:30:43 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/08 23:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 11:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/09/26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/03/20 14:43:04 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/02 13:07:28 | 000,055,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/01/23 19:33:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/16 12:52:50 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120123.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/16 12:52:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120123.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/11 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/11 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/03 17:12:28 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/06/01 10:02:03 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/12/19 14:08:12 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/12/19 14:08:12 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/12/19 14:08:12 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/09/09 13:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/08 23:14:02 | 000,024,888 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/08 23:14:00 | 000,026,424 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2007/04/30 05:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/03/20 14:41:50 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/02 16:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 16:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/09 16:41:08 | 002,377,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/15 19:10:44 | 000,214,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 01:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/08/30 18:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2006/08/04 02:39:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kellogg.northwestern.edu/student/serial
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.kellogg.northwestern.edu/student/serial/index.htm"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kellogg\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kellogg\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Administrator\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/17 21:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/17 21:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 21:23:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Kellogg\AppData\Roaming\Move Networks [2010/01/19 19:19:22 | 000,000,000 | ---D | M]

[2009/05/05 11:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kellogg\AppData\Roaming\mozilla\Extensions
[2012/01/17 19:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kellogg\AppData\Roaming\mozilla\Firefox\Profiles\5l98wh1v.default\extensions
[2009/06/25 06:15:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kellogg\AppData\Roaming\mozilla\Firefox\Profiles\5l98wh1v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/17 21:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 01:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/17 07:02:42 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2010/10/17 07:02:42 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/12/20 23:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/20 23:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/20 23:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/20 23:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O7 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries

Still having issues. Now I cannot get access to the internet unless I am in safe mode. Here are the two OTL logs and the GMER log. Thanks for any help you can provide! -Matt


OTL Extras logfile created on: 1/28/2012 6:56:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kellogg\Downloads
Windows Vista Enterprise Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.26% Memory free
4.21 Gb Paging File | 3.87 Gb Available in Paging File | 91.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 57.90 Gb Free Space | 62.15% Space Free | Partition Type: NTFS
Drive D: | 682.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MRM409-T60P | User Name: Kellogg | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F47EFB-3F23-45FB-90D9-714CF1BBE077}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{08568DD9-A641-4F5D-9E37-38C1EAB5329F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0E6CDE3D-68ED-4144-B746-5BF2296CC6F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2CA1D2C2-ED52-48F7-9095-5E078C646F72}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F0D028E-4D7B-4280-A747-5ECB6EC3456A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{438AEB1A-7AC2-4183-9970-3CAC900CE7ED}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner |
"{4551BBEF-E18E-4B0C-8775-24480623FB72}" = lport=137 | protocol=17 | dir=in | app=system |
"{702A1B67-9783-4FE1-9A82-88C9D71C1E98}" = lport=139 | protocol=6 | dir=in | app=system |
"{73AF7CB8-6D9B-4DD9-AC5D-AE4F0AB2AFC1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9443B7C8-25F9-4AB7-9463-6F87630C14B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B5415CC-06E0-45DA-A775-38BA64BDAEA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0DB78A1-2968-4F8B-83C5-CF708202A556}" = rport=139 | protocol=6 | dir=out | app=system |
"{C03EDC34-7ECA-4DC1-8DC4-861137E3269F}" = lport=138 | protocol=17 | dir=in | app=system |
"{C1FA7A07-CE8B-4C55-AFA5-DA8BB43C7A3E}" = rport=137 | protocol=17 | dir=out | app=system |
"{D79A79F6-721C-4075-9CB5-3251A8A0087C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E91C810F-BE04-464F-ACBB-B6458684BB1E}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A29EB01-8BAE-4EC2-9392-11497C6F3C19}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{10C39526-C1C6-4B52-8F13-CAE7C361D428}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{111D6DC7-FACE-4213-9C1B-FE5DD62D2946}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2076BD0E-FDBF-470A-B82F-1E318D4F9028}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2DDE9205-6762-4ACE-8E7B-0C3C2E0DEB96}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{337AD207-9B3B-460A-A122-F3315C0DF66E}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl07b\faxrx.exe |
"{43B76E95-CEDF-4BD0-AD78-E070D87BFD06}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56F24AAA-B647-46D7-8D01-4476649DD7B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76C76C7D-246C-44C9-8F95-75ECCA4E27E0}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{7731D2B0-603C-4BA6-8CCB-E5911B93F434}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{784811B7-DCC5-4318-B1FA-6949411A2E4A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AE01DF4-A3D1-46B3-B6FE-FF5CA6178036}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{84C3A29A-A453-4DCD-A752-BB364657078D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{88CD8CEA-BE6B-4C74-95E2-629473895F1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{94024FD0-C13B-4280-A9A4-70DDDCD525F0}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{9434E4C3-D045-4646-B422-069DBEA827CD}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{9A9065EB-5FD9-469B-AB05-BB9B570BB51E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A771CA0D-A988-4C64-A8B7-C96D3F99656C}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl07b\faxrx.exe |
"{C1856BD5-A9F5-4882-9458-0E38545149D0}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{D81C122E-5007-4E88-9512-2858E683662D}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{E7DE207E-4684-417F-BD25-CCBA230553C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA228BBE-FE21-4C74-B64B-A6B49B634048}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"TCP Query User{9D6CDCA0-7E97-4191-B0C2-A0C8C413E9BA}C:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{C3AB15D0-C2E5-4069-B4CD-4A26C448D247}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{AAC54525-08A7-481E-82AD-9128BD5E8425}C:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{F9FF13CF-6547-4A25-B7C9-F6669952A3CC}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0212E16E-F955-C48D-B411-04028B57A2E9}" = CCC Help Spanish
"{06639940-8095-1F30-29FD-76A400D960B1}" = Catalyst Control Center Core Implementation
"{0E5A8371-3772-93D8-C3D1-22D5595774EB}" = Catalyst Control Center Localization Swedish
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1BCC7FF2-2E02-EED8-EB08-F8C96F7BFE57}" = Catalyst Control Center Localization Chinese Traditional
"{210A0801-DC55-373E-5C1F-067BA6050BBF}" = CCC Help Dutch
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D64272E-FE6A-8973-1372-1E3A550F3696}" = CCC Help Swedish
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3152FC3C-C4DF-6240-3502-4954010BE979}" = Catalyst Control Center Graphics Previews Vista
"{317609AE-471D-3553-FFE7-ADCD726D534B}" = CCC Help Chinese Standard
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{337DBBE9-6B38-E75B-14C2-A5D4FE9D9785}" = Catalyst Control Center Localization Dutch
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34EA5FC6-6066-4A9C-0BD2-C0275810F845}" = Catalyst Control Center Localization Korean
"{37773D12-8AE3-BF47-6B83-630FEBF7969A}" = Skins
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4DCBF2AD-D7A0-A75B-80CF-F195797AD701}" = Catalyst Control Center Localization Portuguese
"{5096802A-44EC-A2FB-11E7-0501081DF38D}" = Catalyst Control Center Localization Chinese Standard
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5CF4E506-3628-7338-E2DC-8132134AA893}" = ccc-core-static
"{64E4D3F9-ED6A-94DA-6C73-1312A6310D53}" = CCC Help English
"{70E2BD16-E693-654C-225B-85CF15C9A0EC}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8203A58F-EFFE-A605-92AA-68925D5A09F1}" = Catalyst Control Center Graphics Full New
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A75DB4B-EB52-426D-97EB-0BA80B638F9F}" = Branding
"{8ACDAFF3-1231-BBFC-06CA-16F2FA456959}" = CCC Help German
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{0F5F4949-2653-4748-B055-04922F586FC8}" =
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{96387364-BD2F-DC86-A426-569CFBB13E7B}" = CCC Help Italian
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9AE320C7-B7D5-3357-BE0A-F88078F03AD7}" = Catalyst Control Center Graphics Full Existing
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{9C2123E5-4595-9723-ED1D-E6C7ACC04EE3}" = Catalyst Control Center Graphics Light
"{9DBC90A0-5F50-2554-09E5-74862157E77D}" = Catalyst Control Center Localization Italian
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFE5FC18-B775-EAA0-1605-A392B7521092}" = CCC Help Chinese Traditional
"{B55C0B33-35AC-C7FB-0D0D-A75F6B1FFE04}" = CCC Help Korean
"{B6E5C0AB-48B0-D373-A79A-536226C34B87}" = Catalyst Control Center Localization French
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BC715493-52F1-DD3F-1687-F02F7CAAC11D}" = ccc-utility
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C75CE15B-695F-AB0B-5019-36843387193C}" = CCC Help Japanese
"{C91DE044-D900-4F15-BBD1-44FD9D59B277}" = Cisco Systems VPN Client 5.0.00.0320
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D67173A8-22AB-8773-0762-1D6FF983CE62}" = Catalyst Control Center Localization German
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E1A83640-A568-4B56-A4C9-AB38C7035156}" = ThinkPad Mobility Center Customization
"{ECFE9FA7-2124-0CB5-85D5-6D525BA17171}" = Catalyst Control Center Localization Japanese
"{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}" = WebEx Meeting Manager for Internet Explorer
"{FB7A0724-F1BB-FC0A-A7FC-52B01BBF77B4}" = CCC Help Portuguese
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDFD8AE7-7ADF-5A26-0868-C9DDC800C5DA}" = Catalyst Control Center Localization Spanish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"ATI Uninstaller" = ATI Uninstaller
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClosetMaid v1.5.1" = ClosetMaid v1.5.1
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2012 2:18:34 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: C:\Windows\System32\drivers\tdx.sys
by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was
partially removed.

Error - 1/28/2012 3:09:22 PM | Computer Name = mrm409-T60p | Source = System Restore | ID = 8193
Description =

Error - 1/28/2012 4:38:03 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: C:\Windows\System32\drivers\tdx.sys
by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was
partially removed.

Error - 1/28/2012 4:39:46 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4621
Description =

Error - 1/28/2012 4:47:26 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:30 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:30 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:38 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4621
Description =

Error - 1/28/2012 4:53:21 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4609
Description =

Error - 1/28/2012 8:54:16 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4609
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 9/10/2009 4:02:12 AM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

Error - 10/12/2009 6:43:57 PM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 10/30/2011 8:16:12 PM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

[ OSession Events ]
Error - 5/4/2009 1:29:50 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 93407
seconds with 5040 seconds of active time. This session ended with a crash.

Error - 5/18/2009 11:46:15 AM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 4655
seconds with 720 seconds of active time. This session ended with a crash.

Error - 6/2/2009 1:34:06 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 70
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/2/2009 1:37:24 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 177
seconds with 120 seconds of active time. This session ended with a crash.

Error - 6/2/2009 1:39:59 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 135
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/11/2009 9:42:21 AM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7043
Description =

Error - 10/11/2009 9:44:58 AM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2009 6:45:59 PM | Computer Name = mrm409-T60p | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001B770652A3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/12/2009 6:54:23 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2009 7:07:18 PM | Computer Name = mrm409-T60p | Source = DCOM | ID = 10010
Description =

Error - 10/12/2009 7:13:31 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2009 8:32:27 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7031
Description =

Error - 10/15/2009 8:33:13 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7031
Description =

Error - 10/15/2009 8:34:13 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7032
Description =

Error - 10/15/2009 8:39:31 PM | Computer Name = mrm409-T60p | Source = Service Control Manager | ID = 7000
Description =


< End of report >


OTL logfile created on: 1/28/2012 6:56:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kellogg\Downloads
Windows Vista Enterprise Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.26% Memory free
4.21 Gb Paging File | 3.87 Gb Available in Paging File | 91.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 57.90 Gb Free Space | 62.15% Space Free | Partition Type: NTFS
Drive D: | 682.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MRM409-T60P | User Name: Kellogg | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/28 18:55:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kellogg\Downloads\OTL.exe
PRC - [2011/12/21 01:42:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 09:01:49 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2009/04/16 14:58:33 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 14:07:10 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/02/26 14:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/02/01 22:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 01:42:18 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2006/11/02 03:46:10 | 000,227,328 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/24 09:01:49 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 00:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/05/15 16:29:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/02/26 14:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/02/01 22:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/02/01 20:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/12/10 14:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/18 03:30:43 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/08 23:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 11:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/09/26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/03/20 14:43:04 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/02 13:07:28 | 000,055,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/01/23 19:33:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/16 12:52:50 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120123.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/16 12:52:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120123.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/11 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/11 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/03 17:12:28 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/06/01 10:02:03 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/12/19 14:08:12 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/12/19 14:08:12 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/12/19 14:08:12 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/09/09 13:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/08 23:14:02 | 000,024,888 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/08 23:14:00 | 000,026,424 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2007/04/30 05:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/03/20 14:41:50 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/02 16:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 16:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/09 16:41:08 | 002,377,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/15 19:10:44 | 000,214,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 01:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/08/30 18:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2006/08/04 02:39:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kellogg.northwestern.edu/student/serial
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.kellogg.northwestern.edu/student/serial/index.htm"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kellogg\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kellogg\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Administrator\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/17 21:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/17 21:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 21:23:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Kellogg\AppData\Roaming\Move Networks [2010/01/19 19:19:22 | 000,000,000 | ---D | M]

[2009/05/05 11:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kellogg\AppData\Roaming\mozilla\Extensions
[2012/01/17 19:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kellogg\AppData\Roaming\mozilla\Firefox\Profiles\5l98wh1v.default\extensions
[2009/06/25 06:15:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kellogg\AppData\Roaming\mozilla\Firefox\Profiles\5l98wh1v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/17 21:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 01:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/17 07:02:42 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2010/10/17 07:02:42 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/12/20 23:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/20 23:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/20 23:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/20 23:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O7 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000070 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000071 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000072 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000073 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000074 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000075 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000076 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000077 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000078 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000079 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000080 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000081 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000082 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000083 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000084 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000085 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000086 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000087 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000088 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000089 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000090 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000091 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000092 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000093 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000094 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000095 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000096 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000097 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000098 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000099 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000100 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000101 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000102 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000103 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000104 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000105 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000106 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000107 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000108 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000109 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000110 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000111 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000112 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000113 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000114 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000115 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000116 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000117 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000118 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000119 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000120 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000121 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000122 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000123 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000124 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\..Trusted Domains: northwestern.edu ([clubs.kellogg] * in Local intranet)
O15 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\..Trusted Domains: northwestern.edu ([departments.kellogg] * in Local intranet)
O15 - HKU\S-1-5-21-1831159865-1480381245-1420893074-1003\..Trusted Domains: northwestern.edu ([vs.kellogg] * in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{115C962E-44E8-4801-AE91-62EA5CCBCA5F}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12145DE5-95EE-4226-9CFE-AD62030C5190}: DhcpNameServer = 165.124.49.21 129.105.49.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15930ADF-3FF7-42B2-950A-17695237B83C}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{363667E3-A6ED-4046-848D-4C155E7F1047}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{461268EF-1726-445B-9A3C-BF071C477EE4}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A55BB8-4208-4578-A78C-BC274220CD75}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91FD5778-F96D-438C-86C0-D0AA7EF7FF51}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98ADE9ED-56F4-4AFB-B10D-8552385BFD30}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9841409-9126-480E-B709-883A60C6F83E}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C308C9E7-7C00-4C56-8025-94795F13B74D}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD1F09FF-5809-4BDC-8EC6-FB7CC30FBFAD}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED2F2AF8-5B17-4738-AD8B-C03D90887522}: DhcpNameServer = 129.105.49.1 165.124.49.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEAEC80A-E7B2-491C-A46E-FF4CADC6729F}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1bec3e34-35d1-11de-ab8e-00197eed0616}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2006/11/02 06:35:10 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{c8b2fc3e-6f2e-11de-8ef2-00197eed0616}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 19:33:20 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/17 21:24:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/17 21:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/01/17 21:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/01/17 21:22:55 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/17 21:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/01/17 21:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/17 21:09:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/17 21:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/17 21:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/17 20:57:24 | 000,000,000 | ---D | C] -- C:\Users\Kellogg\AppData\Local\Secunia PSI
[2012/01/17 20:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/01/17 19:57:59 | 000,000,000 | ---D | C] -- C:\Users\Kellogg\AppData\Roaming\Malwarebytes
[2012/01/17 19:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/17 19:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/17 19:57:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/17 19:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/17 19:45:15 | 001,976,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kellogg\Desktop\123.exe
[2012/01/02 11:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/02 11:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/02 11:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/01/28 18:58:22 | 000,620,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/28 18:58:22 | 000,104,284 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/28 18:53:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/28 14:56:12 | 000,001,356 | ---- | M] () -- C:\Users\Kellogg\AppData\Local\d3d9caps.dat
[2012/01/28 14:47:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/28 14:41:45 | 000,003,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 14:41:45 | 000,003,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 19:33:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/22 10:22:12 | 000,000,000 | ---- | M] () -- C:\Users\Kellogg\defogger_reenable
[2012/01/17 21:23:49 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/17 21:22:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/17 21:17:32 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/01/17 21:12:03 | 000,000,870 | ---- | M] () -- C:\Users\Kellogg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/17 21:12:03 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/17 20:57:13 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/17 19:44:02 | 001,976,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kellogg\Desktop\123.exe
[2012/01/17 19:35:12 | 000,008,612 | ---- | M] () -- C:\ProgramData\84e2a78c
[2012/01/17 19:35:11 | 000,008,657 | ---- | M] () -- C:\Users\Kellogg\AppData\Local\b4d7d9db
[2012/01/17 19:35:11 | 000,008,651 | ---- | M] () -- C:\Users\Kellogg\AppData\Roaming\a54fa856
[2012/01/02 11:08:21 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/01/22 10:22:12 | 000,000,000 | ---- | C] () -- C:\Users\Kellogg\defogger_reenable
[2012/01/17 21:23:49 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/17 21:13:46 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/01/17 21:13:45 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012/01/17 21:12:03 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/17 21:09:54 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/17 20:57:13 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/17 20:57:13 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/01/16 19:43:25 | 000,008,657 | ---- | C] () -- C:\Users\Kellogg\AppData\Local\b4d7d9db
[2012/01/16 19:43:25 | 000,008,651 | ---- | C] () -- C:\Users\Kellogg\AppData\Roaming\a54fa856
[2012/01/16 19:43:25 | 000,008,612 | ---- | C] () -- C:\ProgramData\84e2a78c
[2012/01/02 11:08:21 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/15 11:25:13 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009/10/15 18:19:11 | 000,038,475 | ---- | C] () -- C:\Users\Kellogg\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/07/20 10:13:44 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/20 10:13:06 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/07/20 10:13:06 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/07/20 10:13:06 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7840w.dat
[2009/07/20 10:11:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2009/07/20 10:11:01 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009/07/20 10:10:59 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/07/20 10:10:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/07/20 10:09:10 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/05/04 13:48:42 | 000,001,356 | ---- | C] () -- C:\Users\Kellogg\AppData\Local\d3d9caps.dat
[2009/04/28 08:32:26 | 000,005,120 | ---- | C] () -- C:\Users\Kellogg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 12:55:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/22 12:17:18 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini
[2008/08/25 05:02:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\DELG1L3.DLL
[2008/08/22 06:32:18 | 000,217,088 | ---- | C] () -- C:\Windows\System32\ssminidriver.dll
[2008/08/22 06:32:18 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2008/08/22 06:32:18 | 000,011,264 | ---- | C] () -- C:\Windows\System32\sssegfilter.dll
[2008/08/22 06:32:18 | 000,010,752 | ---- | C] () -- C:\Windows\System32\sserrhandler.dll
[2007/07/06 15:11:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2007/04/27 11:23:30 | 000,146,037 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/04/27 10:04:31 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/04/27 10:04:31 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/04/27 10:01:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/04/26 12:15:07 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/20 14:43:18 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/11/02 06:56:56 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:52 | 000,374,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:36:56 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006/11/02 06:36:51 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 04:33:01 | 000,620,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,284 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 01:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 01:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2005/10/14 15:09:48 | 000,051,304 | ---- | C] () -- C:\Windows\System32\drivers\atnt40k.sys

========== LOP Check ==========

[2011/08/20 05:55:44 | 000,000,000 | ---D | M] -- C:\Users\Kellogg\AppData\Roaming\BenjaminMoore.PCV3.USEN.DA6CDF681F87B6FCFCE07B9D05DADF40E81244E5.1
[2010/10/17 07:02:43 | 000,000,000 | ---D | M] -- C:\Users\Kellogg\AppData\Roaming\Catalina Marketing Corp
[2009/06/01 10:02:02 | 000,000,000 | ---D | M] -- C:\Users\Kellogg\AppData\Roaming\Downloaded Installations
[2010/09/29 18:17:24 | 000,000,000 | ---D | M] -- C:\Users\Kellogg\AppData\Roaming\Juniper Networks
[2009/07/20 19:02:19 | 000,000,000 | ---D | M] -- C:\Users\Kellogg\AppData\Roaming\ScanSoft
[2012/01/28 14:47:43 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

#5 mrmila

Posted 29 January 2012 - 10:09 AM

Still having issues. Now I cannot get access to the internet unless I am in safe mode. Here are the two OTL logs and the GMER log. Thanks for any help you can provide! -Matt


OTL Extras logfile created on: 1/28/2012 6:56:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kellogg\Downloads
Windows Vista Enterprise Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.26% Memory free
4.21 Gb Paging File | 3.87 Gb Available in Paging File | 91.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 57.90 Gb Free Space | 62.15% Space Free | Partition Type: NTFS
Drive D: | 682.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MRM409-T60P | User Name: Kellogg | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F47EFB-3F23-45FB-90D9-714CF1BBE077}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{08568DD9-A641-4F5D-9E37-38C1EAB5329F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0E6CDE3D-68ED-4144-B746-5BF2296CC6F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2CA1D2C2-ED52-48F7-9095-5E078C646F72}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F0D028E-4D7B-4280-A747-5ECB6EC3456A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{438AEB1A-7AC2-4183-9970-3CAC900CE7ED}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner |
"{4551BBEF-E18E-4B0C-8775-24480623FB72}" = lport=137 | protocol=17 | dir=in | app=system |
"{702A1B67-9783-4FE1-9A82-88C9D71C1E98}" = lport=139 | protocol=6 | dir=in | app=system |
"{73AF7CB8-6D9B-4DD9-AC5D-AE4F0AB2AFC1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9443B7C8-25F9-4AB7-9463-6F87630C14B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B5415CC-06E0-45DA-A775-38BA64BDAEA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0DB78A1-2968-4F8B-83C5-CF708202A556}" = rport=139 | protocol=6 | dir=out | app=system |
"{C03EDC34-7ECA-4DC1-8DC4-861137E3269F}" = lport=138 | protocol=17 | dir=in | app=system |
"{C1FA7A07-CE8B-4C55-AFA5-DA8BB43C7A3E}" = rport=137 | protocol=17 | dir=out | app=system |
"{D79A79F6-721C-4075-9CB5-3251A8A0087C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E91C810F-BE04-464F-ACBB-B6458684BB1E}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A29EB01-8BAE-4EC2-9392-11497C6F3C19}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{10C39526-C1C6-4B52-8F13-CAE7C361D428}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{111D6DC7-FACE-4213-9C1B-FE5DD62D2946}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2076BD0E-FDBF-470A-B82F-1E318D4F9028}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2DDE9205-6762-4ACE-8E7B-0C3C2E0DEB96}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{337AD207-9B3B-460A-A122-F3315C0DF66E}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl07b\faxrx.exe |
"{43B76E95-CEDF-4BD0-AD78-E070D87BFD06}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56F24AAA-B647-46D7-8D01-4476649DD7B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76C76C7D-246C-44C9-8F95-75ECCA4E27E0}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{7731D2B0-603C-4BA6-8CCB-E5911B93F434}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{784811B7-DCC5-4318-B1FA-6949411A2E4A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AE01DF4-A3D1-46B3-B6FE-FF5CA6178036}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{84C3A29A-A453-4DCD-A752-BB364657078D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{88CD8CEA-BE6B-4C74-95E2-629473895F1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{94024FD0-C13B-4280-A9A4-70DDDCD525F0}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{9434E4C3-D045-4646-B422-069DBEA827CD}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{9A9065EB-5FD9-469B-AB05-BB9B570BB51E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A771CA0D-A988-4C64-A8B7-C96D3F99656C}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl07b\faxrx.exe |
"{C1856BD5-A9F5-4882-9458-0E38545149D0}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{D81C122E-5007-4E88-9512-2858E683662D}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{E7DE207E-4684-417F-BD25-CCBA230553C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA228BBE-FE21-4C74-B64B-A6B49B634048}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"TCP Query User{9D6CDCA0-7E97-4191-B0C2-A0C8C413E9BA}C:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{C3AB15D0-C2E5-4069-B4CD-4A26C448D247}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{AAC54525-08A7-481E-82AD-9128BD5E8425}C:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\kellogg\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{F9FF13CF-6547-4A25-B7C9-F6669952A3CC}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0212E16E-F955-C48D-B411-04028B57A2E9}" = CCC Help Spanish
"{06639940-8095-1F30-29FD-76A400D960B1}" = Catalyst Control Center Core Implementation
"{0E5A8371-3772-93D8-C3D1-22D5595774EB}" = Catalyst Control Center Localization Swedish
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1BCC7FF2-2E02-EED8-EB08-F8C96F7BFE57}" = Catalyst Control Center Localization Chinese Traditional
"{210A0801-DC55-373E-5C1F-067BA6050BBF}" = CCC Help Dutch
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D64272E-FE6A-8973-1372-1E3A550F3696}" = CCC Help Swedish
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3152FC3C-C4DF-6240-3502-4954010BE979}" = Catalyst Control Center Graphics Previews Vista
"{317609AE-471D-3553-FFE7-ADCD726D534B}" = CCC Help Chinese Standard
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{337DBBE9-6B38-E75B-14C2-A5D4FE9D9785}" = Catalyst Control Center Localization Dutch
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34EA5FC6-6066-4A9C-0BD2-C0275810F845}" = Catalyst Control Center Localization Korean
"{37773D12-8AE3-BF47-6B83-630FEBF7969A}" = Skins
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4DCBF2AD-D7A0-A75B-80CF-F195797AD701}" = Catalyst Control Center Localization Portuguese
"{5096802A-44EC-A2FB-11E7-0501081DF38D}" = Catalyst Control Center Localization Chinese Standard
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5CF4E506-3628-7338-E2DC-8132134AA893}" = ccc-core-static
"{64E4D3F9-ED6A-94DA-6C73-1312A6310D53}" = CCC Help English
"{70E2BD16-E693-654C-225B-85CF15C9A0EC}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8203A58F-EFFE-A605-92AA-68925D5A09F1}" = Catalyst Control Center Graphics Full New
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A75DB4B-EB52-426D-97EB-0BA80B638F9F}" = Branding
"{8ACDAFF3-1231-BBFC-06CA-16F2FA456959}" = CCC Help German
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{0F5F4949-2653-4748-B055-04922F586FC8}" =
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{96387364-BD2F-DC86-A426-569CFBB13E7B}" = CCC Help Italian
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9AE320C7-B7D5-3357-BE0A-F88078F03AD7}" = Catalyst Control Center Graphics Full Existing
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{9C2123E5-4595-9723-ED1D-E6C7ACC04EE3}" = Catalyst Control Center Graphics Light
"{9DBC90A0-5F50-2554-09E5-74862157E77D}" = Catalyst Control Center Localization Italian
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFE5FC18-B775-EAA0-1605-A392B7521092}" = CCC Help Chinese Traditional
"{B55C0B33-35AC-C7FB-0D0D-A75F6B1FFE04}" = CCC Help Korean
"{B6E5C0AB-48B0-D373-A79A-536226C34B87}" = Catalyst Control Center Localization French
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BC715493-52F1-DD3F-1687-F02F7CAAC11D}" = ccc-utility
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C75CE15B-695F-AB0B-5019-36843387193C}" = CCC Help Japanese
"{C91DE044-D900-4F15-BBD1-44FD9D59B277}" = Cisco Systems VPN Client 5.0.00.0320
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D67173A8-22AB-8773-0762-1D6FF983CE62}" = Catalyst Control Center Localization German
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E1A83640-A568-4B56-A4C9-AB38C7035156}" = ThinkPad Mobility Center Customization
"{ECFE9FA7-2124-0CB5-85D5-6D525BA17171}" = Catalyst Control Center Localization Japanese
"{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}" = WebEx Meeting Manager for Internet Explorer
"{FB7A0724-F1BB-FC0A-A7FC-52B01BBF77B4}" = CCC Help Portuguese
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDFD8AE7-7ADF-5A26-0868-C9DDC800C5DA}" = Catalyst Control Center Localization Spanish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"ATI Uninstaller" = ATI Uninstaller
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1831159865-1480381245-1420893074-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClosetMaid v1.5.1" = ClosetMaid v1.5.1
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2012 2:18:34 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: C:\Windows\System32\drivers\tdx.sys
by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was
partially removed.

Error - 1/28/2012 3:09:22 PM | Computer Name = mrm409-T60p | Source = System Restore | ID = 8193
Description =

Error - 1/28/2012 4:38:03 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: C:\Windows\System32\drivers\tdx.sys
by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was
partially removed.

Error - 1/28/2012 4:39:46 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4621
Description =

Error - 1/28/2012 4:47:26 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:30 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:30 PM | Computer Name = mrm409-T60p | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\windows\system32\drivers\tdx.sys
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 1/28/2012 4:47:38 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4621
Description =

Error - 1/28/2012 4:53:21 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4609
Description =

Error - 1/28/2012 8:54:16 PM | Computer Name = mrm409-T60p | Source = EventSystem | ID = 4609
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 9/10/2009 4:02:12 AM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

Error - 10/12/2009 6:43:57 PM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 10/30/2011 8:16:12 PM | Computer Name = mrm409-T60p | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

[ OSession Events ]
Error - 5/4/2009 1:29:50 PM | Computer Name = mrm409-T60p | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 93407

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 PM

Posted 29 January 2012 - 11:01 AM

Hello, mrmila.


Step 1


The main OTL log (OTL.txt) is cut off and not complete. Please post that as one reply. It will be found in the same directory that OTL.exe is in.

You also referenced attaching ark.txt from GMER, but I don't see it here. Can you please attach as well?

I also have some bad news:

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.







Viewpoint (foistware) Warning

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.




Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the Internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 mrmila


Posted 31 January 2012 - 07:15 PM

Thanks for your help! I am going to reformat/reinstall Windows. I have Vista Business without the CD. Any chance you can recommend steps to do this without a CD, or a way to get a CD if not? Really appreciate your help.

#8 etavares


Posted 01 February 2012 - 06:43 AM

You may have a recovery partition...what make/model is your computer?




#9 mrmila


Posted 01 February 2012 - 08:13 AM

It's a Lenovo T60P

#10 etavares


Posted 02 February 2012 - 06:26 AM

Here it is...this will restore your computer to factory condition...like it was when you opened the box for the first time. You will lose all your data, so make sure you have backups!

Instructions from Lenovo on restoring a T60P via the recovery partition




#11 mrmila


Posted 04 February 2012 - 11:34 AM

Can't get F11 to get me into that screen for some reason. I'm thinking of making one last effort by buying the Vista reboot CD and seeing if that will work. Thank you so much for your help. At the very least I got it disconnected from the Internet before more problems happened.

#12 etavares


Posted 04 February 2012 - 11:58 AM

The rootkit and automated tools can disable the recovery partition so it's not surprising. Let me know if you need anything else.




#13 mrmila


Posted 04 February 2012 - 01:16 PM

In that case, do you think it is even worth buying a recovery disk? Will that be blocked from loading?

#14 etavares


Posted 05 February 2012 - 06:37 AM

That will work fine as it doesn't need anything on your hard drive.




#15 etavares


Posted 12 February 2012 - 06:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.






