Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

McAfee Firewall Issue


  • This topic is locked This topic is locked
20 replies to this topic

#1 sjv22

sjv22

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 09 July 2012 - 11:20 PM

Hi, when I open the McAfee Anitvirus Plus window, it says my computer is secure and everything is working fine. However when I click on the link for the firewall settings, it says the firewall is off and gives me the option to turn it on. However when I click the button to turn on the firewall, it does nothing. Also, I ran McAfee Virtual Technician and it said it cannot find any McAfee products on my computer. Below is the log. Thanks in advance.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by vacca at 23:48:15 on 2012-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2596 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\ClickfreeC02\UACProxy.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Monsoon Multimedia\Vulkano\Common\havasvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\supportsoft\bin\bcont.exe
C:\ProgramData\ClickfreeC02\reminder\SacReminder.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Users\vacca\AppData\Roaming\Aventail\epi\epivista.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.xfinity.com/?cid=insDate04092012
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120706095445.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [SacReminderHDDV2] C:\ProgramData\ClickfreeC02\reminder\SacReminder.exe
uRun: [Download] "C:\Users\vacca\AppData\Local\SupportSoft\ddoctorv2\vacca\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [<NO NAME>]
mRun: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe "C:\Program Files (x86)\HP\HP UT\"
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe" startup
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\vacca\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{94C11547-F19F-40DB-8492-36BF99BD1A14} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{94C11547-F19F-40DB-8492-36BF99BD1A14}\2456C6B696E6F5234303731463 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{94C11547-F19F-40DB-8492-36BF99BD1A14}\34963736F623030313D27657563747 : DhcpNameServer = 192.168.33.1 68.87.64.230 68.87.66.234
TCP: Interfaces\{94C11547-F19F-40DB-8492-36BF99BD1A14}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{94C11547-F19F-40DB-8492-36BF99BD1A14}\F42716E676560516E64616 : DhcpNameServer = 192.168.1.1 68.87.64.150 68.87.75.198
TCP: Interfaces\{94C11547-F19F-40DB-8492-36BF99BD1A14}\F42716E676560516E64616D27657563747 : DhcpNameServer = 192.168.33.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120706095445.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [(Default)]
mRun-x64: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe "C:\Program Files (x86)\HP\HP UT\"
mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe" startup
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 CFUACProxy_clickfreec02;CFUACProxy_clickfreec02;C:\ProgramData\ClickfreeC02\UACProxy.exe [2011-12-9 87368]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 havasvc;Vulkano Service;C:\Program Files (x86)\Monsoon Multimedia\Vulkano\Common\havasvc.exe [2011-6-6 146432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-9 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-9 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-9 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-9 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-12-9 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-14 1692480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 havabus;HAVA Bus Enumerator;C:\Windows\system32\DRIVERS\havabus.sys --> C:\Windows\system32\DRIVERS\havabus.sys [?]
R3 HAVATV;Hava Video Device;C:\Windows\system32\DRIVERS\HAVATV.sys --> C:\Windows\system32\DRIVERS\HAVATV.sys [?]
R3 HavaTV_10;Hava Remote Video Device;C:\Windows\system32\DRIVERS\HavaTV_10.sys --> C:\Windows\system32\DRIVERS\HavaTV_10.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-9 249936]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-12-9 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys --> C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-9 366152]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-9 249936]
.
=============== Created Last 30 ================
.
2012-07-10 03:44:02 -------- d-----w- C:\Users\vacca\AppData\Roaming\McAfee
2012-07-08 22:03:07 -------- d-----w- C:\Users\vacca\AppData\Local\{5E0E5D31-E735-4F30-AB14-EFF4EF721294}
2012-07-08 10:02:42 -------- d-----w- C:\Users\vacca\AppData\Local\{06134092-AAB9-426A-AB14-E3A1DC37F476}
2012-07-07 22:02:02 -------- d-----w- C:\Users\vacca\AppData\Local\{1B9E06B3-3F29-4E12-A8FD-0EE43247A5C9}
2012-07-07 22:01:50 -------- d-----w- C:\Users\vacca\AppData\Local\{8F23206C-1A16-497B-808E-F03538AF6A36}
2012-07-06 13:16:28 -------- d-----w- C:\Users\vacca\AppData\Local\{A72E8229-2A17-43A2-93C7-9FF38666CBDA}
2012-07-06 13:15:22 -------- d-----w- C:\Users\vacca\AppData\Local\{79F7C8A2-AF5B-437F-BCF8-6B8AFF2DA22B}
2012-07-05 17:17:03 -------- d-----w- C:\Users\vacca\AppData\Local\{4504B4AF-1963-4A9A-9B23-F8B848AB87A1}
2012-07-05 17:16:52 -------- d-----w- C:\Users\vacca\AppData\Local\{DEA4AC54-28B3-4B4C-8B94-607337AC5354}
2012-07-05 01:38:01 -------- d-----w- C:\Users\vacca\AppData\Local\{72DD9D35-0D5A-4D5E-8738-77C2CABD115A}
2012-07-03 21:53:29 -------- d-----w- C:\Users\vacca\AppData\Local\{F99C1FBD-5454-4EE0-AB21-CE274D128BE3}
2012-07-03 21:52:22 -------- d-----w- C:\Users\vacca\AppData\Local\{FAC6BF2E-0AA6-4043-9FC6-44781C022FDD}
2012-07-03 20:45:45 -------- d-----w- C:\Users\vacca\AppData\Local\{094A1414-5773-4D75-B447-0BF7652AFB51}
2012-07-03 04:50:55 -------- d-----w- C:\Users\vacca\AppData\Local\{E93D8036-EBE7-4FF9-A8EE-2262F44D8B4A}
2012-07-03 04:50:18 -------- d-----w- C:\Users\vacca\AppData\Local\{65ADA208-BD76-4E9B-BD40-04C46D0895C1}
2012-07-02 14:18:12 -------- d-----w- C:\Users\vacca\AppData\Local\{A4D659E2-A945-4286-B394-B3A30BCECDF8}
2012-07-02 14:17:04 -------- d-----w- C:\Users\vacca\AppData\Local\{7796B2FC-7695-4CCB-AC0B-0C991DD35C2E}
2012-07-02 13:55:05 -------- d-----w- C:\Users\vacca\AppData\Local\{E5BD5875-F3AC-4A6B-8131-D2C6B5B4C092}
2012-07-02 03:59:51 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-07-02 03:59:50 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-07-02 03:59:50 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-07-02 03:59:31 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-07-02 03:59:26 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-07-02 03:59:24 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-07-02 03:59:23 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-07-02 03:59:21 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-07-02 03:59:19 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-07-02 03:59:15 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-07-02 03:59:14 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-07-02 03:59:01 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-07-02 03:58:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-07-02 03:58:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-07-02 03:58:59 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-07-02 03:58:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-07-02 03:58:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-07-02 03:35:45 -------- d-----w- C:\Users\vacca\AppData\Local\{950BBC0D-AE79-48E0-8D79-7046786CB195}
2012-07-01 19:22:39 -------- d-----w- C:\Users\vacca\AppData\Local\{28876C0F-09B7-4E05-85B1-5D89E7A16E68}
2012-07-01 19:21:32 -------- d-----w- C:\Users\vacca\AppData\Local\{B41FEE83-DF66-4F65-97FF-E57957E6F4D6}
2012-07-01 03:22:36 -------- d-----w- C:\Users\vacca\AppData\Local\{65CD71E4-8865-47E1-A478-01F85ACABA95}
2012-07-01 03:22:19 -------- d-----w- C:\Users\vacca\AppData\Local\{7EDA7B80-1E9E-46AC-92E8-483BAD7C6838}
2012-06-29 00:40:45 -------- d-----w- C:\Users\vacca\AppData\Local\{C8767A4F-5DEE-49EF-BBA5-072A816BAD26}
2012-06-29 00:40:31 -------- d-----w- C:\Users\vacca\AppData\Local\{48F93809-90B2-4D6B-8ECF-70AED0D12E99}
2012-06-27 23:52:58 -------- d-----w- C:\Users\vacca\AppData\Local\{9623DE78-3A9C-486E-9082-96FCB870485F}
2012-06-27 23:52:21 -------- d-----w- C:\Users\vacca\AppData\Local\{42D07D65-2DC7-45F1-A6CA-91C52338BCE0}
2012-06-25 22:56:34 -------- d-----w- C:\Users\vacca\AppData\Local\{2D6644D8-58A0-4D00-BC44-E00300A10F4E}
2012-06-25 22:55:26 -------- d-----w- C:\Users\vacca\AppData\Local\{F1569BFD-CAF1-4A79-AA7B-713DC0CF9B79}
2012-06-25 01:40:41 -------- d-----w- C:\Users\vacca\AppData\Roaming\Kodak
2012-06-25 01:39:49 -------- d-----w- C:\Program Files (x86)\Kodak
2012-06-25 01:39:49 -------- d-----w- C:\Program Files (x86)\Common Files\Kodak
2012-06-25 00:53:33 -------- d-----w- C:\Users\vacca\AppData\Local\{D6A43151-5582-4B14-8DBB-306AB595264A}
2012-06-25 00:49:55 -------- d-----w- C:\Users\vacca\AppData\Local\{0D90BAF8-78FC-4FDE-ACBD-663CC11A2B4C}
2012-06-21 04:08:40 -------- d-----w- C:\Users\vacca\AppData\Local\{6A4E0730-1C40-4578-9AD5-9E74DA139DD9}
2012-06-21 04:07:34 -------- d-----w- C:\Users\vacca\AppData\Local\{2A2FA94D-2951-4186-80A6-8EBBB958C591}
2012-06-19 12:34:04 -------- d-----w- C:\Users\vacca\AppData\Local\{1DDC6F3E-E0DC-48F1-BBB3-D7ED66F9CD0A}
2012-06-19 00:33:21 -------- d-----w- C:\Users\vacca\AppData\Local\{FCCFB60F-5E2F-4E83-BB97-0F6599A7E784}
2012-06-19 00:32:14 -------- d-----w- C:\Users\vacca\AppData\Local\{7BD832C2-1657-4996-9579-F02462B35310}
2012-06-18 04:12:04 -------- d-----w- C:\Users\vacca\AppData\Local\{017E883C-541D-4C37-867C-4566F5DBB09A}
2012-06-17 14:57:53 -------- d-----w- C:\Users\vacca\AppData\Local\{2D6E7BB7-ED2D-4094-B4C2-88178AAFEA5D}
2012-06-16 20:40:40 -------- d-----w- C:\Users\vacca\AppData\Local\{8BFE0BC8-A13B-4D3C-A3DD-50E18DE710AF}
2012-06-14 23:36:11 -------- d-----w- C:\Program Files\iPod
2012-06-14 23:36:10 -------- d-----w- C:\Program Files\iTunes
2012-06-14 23:36:10 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-14 23:27:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-14 23:27:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-14 23:27:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-14 23:27:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-14 23:27:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-14 23:27:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-14 23:27:05 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-14 23:12:39 -------- d-----w- C:\Users\vacca\AppData\Local\{8361B4FD-393B-4AF8-9584-55FB30E51118}
2012-06-11 23:50:28 -------- d-----w- C:\Users\vacca\AppData\Local\{C78682A5-CDF4-4C2D-8018-A0E29542D40B}
2012-06-11 23:50:16 -------- d-----w- C:\Users\vacca\AppData\Local\{F4BD6F37-F314-4DD8-A57B-3B06924DA49E}
2012-06-10 15:59:30 -------- d-----w- C:\Users\vacca\AppData\Local\{16DFB663-D69A-447F-8D08-75E971E707EA}
2012-06-10 15:58:51 -------- d-----w- C:\Users\vacca\AppData\Local\{25AEBDB3-F9A1-454B-B8E3-68E678A6D51C}
.
==================== Find3M ====================
.
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 23:50:07.33 ===============

*Moderator Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the proper forum. ~ Queen-Evie*

Edited by Queen-Evie, 11 July 2012 - 07:10 AM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:16 AM

Posted 14 July 2012 - 11:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/460023 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:16 PM

Posted 16 July 2012 - 07:45 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#4 sjv22

sjv22
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 17 July 2012 - 09:29 PM

Thanks, I'm still here.

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:16 PM

Posted 18 July 2012 - 02:03 PM

The first thing you should do is uninstall and then reinstall your antivirus.

Now test it as you did before and let me know if the problem is still there.
Posted Image
m0le is a proud member of UNITE

#6 sjv22

sjv22
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 19 July 2012 - 10:55 PM

Hi there. I unistalled McAfee and then reinstalled it. The same firewall problem exists.

Thanks for the continued help.

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:16 PM

Posted 20 July 2012 - 07:40 PM

Run OTL, this will show the Firewall status

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Posted Image
m0le is a proud member of UNITE

#8 sjv22

sjv22
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 21 July 2012 - 12:27 AM

Thanks for the continued help. Here are the reports:

OTL logfile created on: 7/21/2012 1:05:10 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\vacca\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.30% Memory free
7.92 Gb Paging File | 5.43 Gb Available in Paging File | 68.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 356.38 Gb Free Space | 79.01% Space Free | Partition Type: NTFS

Computer Name: VACCA-PC | User Name: vacca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 01:00:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\vacca\Desktop\OTL.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/28 13:44:38 | 000,146,432 | ---- | M] (Monsoon Multimedia Inc.) -- C:\Program Files (x86)\Monsoon Multimedia\Vulkano\Common\havasvc.exe
PRC - [2010/06/21 07:19:17 | 000,501,064 | R--- | M] (SAC) -- C:\ProgramData\ClickfreeC02\reminder\SacReminder.exe
PRC - [2010/06/21 07:19:17 | 000,087,368 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\ClickfreeC02\UACProxy.exe
PRC - [2009/09/11 13:06:30 | 000,563,024 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2009/09/11 13:06:28 | 006,788,944 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 10:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Common Files\supportsoft\bin\bcont.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/01/08 09:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/02 10:21:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/07/02 10:21:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/02 10:21:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/02 10:20:57 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/09 21:46:50 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/09 21:42:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 21:41:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/09 21:41:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 21:41:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 21:41:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 21:41:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/11 13:06:32 | 000,021,328 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2009/09/11 12:48:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2009/08/25 11:55:45 | 000,290,816 | R--- | M] () -- C:\ProgramData\ClickfreeC02\reminder\iCommon.dll
MOD - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/02/27 14:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/25 17:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/05/25 16:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/05/25 16:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/08/30 14:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/07/17 23:14:03 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/28 13:44:38 | 000,146,432 | ---- | M] (Monsoon Multimedia Inc.) [Auto | Running] -- C:\Program Files (x86)\Monsoon Multimedia\Vulkano\Common\havasvc.exe -- (havasvc)
SRV - [2010/06/21 07:19:17 | 000,087,368 | R--- | M] (Storage Appliance Corp.) [Auto | Running] -- C:\ProgramData\ClickfreeC02\UACProxy.exe -- (CFUACProxy_clickfreec02)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/07 13:03:25 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/11 13:06:30 | 000,563,024 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009/09/06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/26 17:31:34 | 000,189,568 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HavaTV_10.sys -- (HavaTV_10)
DRV:64bit: - [2010/02/26 17:31:34 | 000,189,568 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HavaTV.sys -- (HAVATV)
DRV:64bit: - [2010/02/26 17:31:30 | 000,045,056 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\havabus.sys -- (havabus)
DRV:64bit: - [2009/09/28 10:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64) Oxford Semi eSATA Filter (x64)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 07:26:10 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {66062D51-C8F1-4DEF-821E-CF162FB12EA2}
IE:64bit: - HKLM\..\SearchScopes\{66062D51-C8F1-4DEF-821E-CF162FB12EA2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {47B333FB-5314-430A-9230-5B710CDD1045}
IE - HKLM\..\SearchScopes\{47B333FB-5314-430A-9230-5B710CDD1045}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=insDate04092012
IE - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\..\SearchScopes,DefaultScope = {47B333FB-5314-430A-9230-5B710CDD1045}
IE - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\..\SearchScopes\{5164F3C5-25C8-4220-AF7A-E5C92802AEB0}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\vacca\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/07/19 23:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/19 23:57:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120719234059.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120719234059.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001..\Run: [Download] C:\Users\vacca\AppData\Local\SupportSoft\ddoctorv2\vacca\SSGet.exe ()
O4 - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001..\Run: [SacReminderHDDV2] C:\ProgramData\ClickfreeC02\reminder\SacReminder.exe (SAC)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\vacca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94C11547-F19F-40DB-8492-36BF99BD1A14}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/08 02:52:05 | 000,000,251 | ---- | M] () - C:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3c87d64e-1ac7-11e0-93ed-0025647cdddc}\Shell - "" = AutoRun
O33 - MountPoints2\{3c87d64e-1ac7-11e0-93ed-0025647cdddc}\Shell\AutoRun\command - "" = E:\iStudio.exe
O33 - MountPoints2\{71e5e269-1114-11e0-ada6-0025647cdddc}\Shell - "" = AutoRun
O33 - MountPoints2\{71e5e269-1114-11e0-ada6-0025647cdddc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{af6ad80e-226d-11e1-8ed0-415645000030}\Shell - "" = AutoRun
O33 - MountPoints2\{af6ad80e-226d-11e1-8ed0-415645000030}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 01:00:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\vacca\Desktop\OTL.exe
[2012/07/21 00:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/20 17:53:22 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{7FA5B003-6032-446A-B4E3-57DF5D3BA808}
[2012/07/20 17:52:44 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{41C5A8C3-821F-4868-9427-601DF9CE264E}
[2012/07/20 00:00:34 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{E25029C0-3A37-4353-B73F-5E34B960EA66}
[2012/07/19 23:58:27 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{71E6B184-0D03-4FAA-966B-D3FD2A5376A4}
[2012/07/19 23:45:58 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{B4794525-ED71-47F1-9D76-D3EAB491C093}
[2012/07/19 23:40:23 | 000,647,208 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2012/07/19 23:40:22 | 000,160,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2012/07/19 23:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2012/07/19 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/07/19 23:32:20 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2012/07/19 23:32:15 | 000,487,296 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2012/07/19 23:32:15 | 000,289,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2012/07/19 23:32:15 | 000,229,528 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2012/07/19 23:32:15 | 000,100,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2012/07/19 23:32:15 | 000,075,936 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2012/07/19 23:32:15 | 000,065,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2012/07/19 23:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/07/19 23:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/07/19 23:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/07/19 23:29:27 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{88D3B041-B31F-4B25-8E37-B2E2F7B324BE}
[2012/07/19 23:24:07 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{3E76E2C8-937C-43AC-8774-C94E1D852120}
[2012/07/19 20:22:00 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{8785478A-D989-42DC-9050-3E6A8535BF36}
[2012/07/18 19:23:40 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{6FD17BFA-0B5B-410E-B911-F3B5FF0FF98C}
[2012/07/18 19:22:33 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{F3BA54BB-5D57-4915-B766-68906F40F3EC}
[2012/07/17 23:13:38 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\Citrix
[2012/07/17 23:13:16 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\Deployment
[2012/07/17 23:13:16 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\Apps
[2012/07/14 17:32:28 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{F3A292AD-2B4D-421C-9026-9DD2F76F457D}
[2012/07/14 17:30:22 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{70985285-42BC-48B7-9243-3722AAD01CEF}
[2012/07/13 21:30:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/13 21:30:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/13 21:30:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/13 21:30:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/13 21:30:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/13 21:30:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/13 21:30:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/13 21:30:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/13 21:30:42 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/13 21:30:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/13 21:30:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/13 21:30:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/13 21:30:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/13 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{C2E4283C-21C4-4C90-B645-AC4A2B2BD989}
[2012/07/13 21:25:31 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{7275FF47-1BD8-41AD-B94C-75D2EA519CC2}
[2012/07/12 19:37:29 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{E01B2AE2-F982-45B2-ABBB-480FABF8B702}
[2012/07/11 22:29:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 22:29:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 22:29:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 22:29:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 22:29:05 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 22:21:24 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{9A92DF42-FAE1-44D5-9E5C-CACA7D75CB9F}
[2012/07/11 22:20:45 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{69B330FB-DF0F-43BE-AF68-8151BC581A1A}
[2012/07/09 23:44:02 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Roaming\McAfee
[2012/07/08 18:03:07 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{5E0E5D31-E735-4F30-AB14-EFF4EF721294}
[2012/07/08 06:02:42 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{06134092-AAB9-426A-AB14-E3A1DC37F476}
[2012/07/07 18:02:02 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{1B9E06B3-3F29-4E12-A8FD-0EE43247A5C9}
[2012/07/07 18:01:50 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{8F23206C-1A16-497B-808E-F03538AF6A36}
[2012/07/06 09:16:28 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{A72E8229-2A17-43A2-93C7-9FF38666CBDA}
[2012/07/06 09:15:22 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{79F7C8A2-AF5B-437F-BCF8-6B8AFF2DA22B}
[2012/07/05 13:17:03 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{4504B4AF-1963-4A9A-9B23-F8B848AB87A1}
[2012/07/05 13:16:52 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{DEA4AC54-28B3-4B4C-8B94-607337AC5354}
[2012/07/04 21:38:01 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{72DD9D35-0D5A-4D5E-8738-77C2CABD115A}
[2012/07/03 17:53:29 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{F99C1FBD-5454-4EE0-AB21-CE274D128BE3}
[2012/07/03 17:52:22 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{FAC6BF2E-0AA6-4043-9FC6-44781C022FDD}
[2012/07/03 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{094A1414-5773-4D75-B447-0BF7652AFB51}
[2012/07/03 00:50:55 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{E93D8036-EBE7-4FF9-A8EE-2262F44D8B4A}
[2012/07/03 00:50:18 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{65ADA208-BD76-4E9B-BD40-04C46D0895C1}
[2012/07/02 10:18:12 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{A4D659E2-A945-4286-B394-B3A30BCECDF8}
[2012/07/02 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{7796B2FC-7695-4CCB-AC0B-0C991DD35C2E}
[2012/07/02 09:55:05 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{E5BD5875-F3AC-4A6B-8131-D2C6B5B4C092}
[2012/07/01 23:59:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/07/01 23:59:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/07/01 23:59:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/07/01 23:59:26 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/07/01 23:59:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/07/01 23:59:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/07/01 23:59:15 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/07/01 23:59:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/01 23:58:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/01 23:35:45 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{950BBC0D-AE79-48E0-8D79-7046786CB195}
[2012/07/01 15:22:39 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{28876C0F-09B7-4E05-85B1-5D89E7A16E68}
[2012/07/01 15:21:32 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{B41FEE83-DF66-4F65-97FF-E57957E6F4D6}
[2012/06/30 23:22:36 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{65CD71E4-8865-47E1-A478-01F85ACABA95}
[2012/06/30 23:22:19 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{7EDA7B80-1E9E-46AC-92E8-483BAD7C6838}
[2012/06/28 20:40:45 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{C8767A4F-5DEE-49EF-BBA5-072A816BAD26}
[2012/06/28 20:40:31 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{48F93809-90B2-4D6B-8ECF-70AED0D12E99}
[2012/06/27 19:52:58 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{9623DE78-3A9C-486E-9082-96FCB870485F}
[2012/06/27 19:52:21 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{42D07D65-2DC7-45F1-A6CA-91C52338BCE0}
[2012/06/25 23:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
[2012/06/25 18:56:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/25 18:56:34 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{2D6644D8-58A0-4D00-BC44-E00300A10F4E}
[2012/06/25 18:55:26 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{F1569BFD-CAF1-4A79-AA7B-713DC0CF9B79}
[2012/06/24 21:40:41 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Roaming\Kodak
[2012/06/24 21:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/06/24 21:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2012/06/24 21:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Kodak
[2012/06/24 20:53:33 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{D6A43151-5582-4B14-8DBB-306AB595264A}
[2012/06/24 20:49:55 | 000,000,000 | ---D | C] -- C:\Users\vacca\AppData\Local\{0D90BAF8-78FC-4FDE-ACBD-663CC11A2B4C}

========== Files - Modified Within 30 Days ==========

[2012/07/21 01:00:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\vacca\Desktop\OTL.exe
[2012/07/21 00:56:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 00:01:06 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012/07/20 17:59:11 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/20 17:59:11 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/20 17:51:20 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 23:13:37 | 000,103,784 | ---- | M] () -- C:\Users\vacca\GoToAssistDownloadHelper.exe
[2012/07/13 21:54:33 | 000,312,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 23:21:07 | 521,661,879 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/02 10:11:18 | 000,760,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/02 10:11:18 | 000,637,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/02 10:11:18 | 000,112,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/28 18:32:13 | 000,000,039 | RH-- | M] () -- C:\Users\vacca\Desktop\stinger.opt
[2012/06/25 21:23:32 | 000,080,579 | ---- | M] () -- C:\Users\vacca\Desktop\scan results.png
[2012/06/25 21:23:15 | 000,021,878 | ---- | M] () -- C:\Users\vacca\Desktop\trojan2.png
[2012/06/25 19:17:02 | 000,022,555 | ---- | M] () -- C:\Users\vacca\Desktop\trojan message.png

========== Files Created - No Company Name ==========

[2012/07/17 23:13:37 | 000,103,784 | ---- | C] () -- C:\Users\vacca\GoToAssistDownloadHelper.exe
[2012/06/25 23:01:18 | 000,000,039 | RH-- | C] () -- C:\Users\vacca\Desktop\stinger.opt
[2012/06/25 21:23:32 | 000,080,579 | ---- | C] () -- C:\Users\vacca\Desktop\scan results.png
[2012/06/25 19:37:20 | 000,021,878 | ---- | C] () -- C:\Users\vacca\Desktop\trojan2.png
[2012/06/25 19:17:02 | 000,022,555 | ---- | C] () -- C:\Users\vacca\Desktop\trojan message.png
[2012/01/12 17:46:55 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\RESecure42.dll
[2012/01/12 17:46:54 | 000,017,632 | ---- | C] () -- C:\Windows\staadpro31.ini
[2012/01/12 17:46:42 | 000,000,044 | ---- | C] () -- C:\Windows\DRAW.INI
[2012/01/12 17:28:38 | 000,425,472 | ---- | C] () -- C:\Windows\SysWow64\QESQL04.DLL
[2012/01/12 17:28:38 | 000,203,264 | ---- | C] () -- C:\Windows\SysWow64\QELIB.DLL
[2012/01/11 22:31:06 | 000,002,048 | -HS- | C] () -- C:\Users\vacca\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\@
[2011/12/09 09:48:11 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011/12/07 22:58:17 | 000,012,382 | -HS- | C] () -- C:\Users\vacca\AppData\Local\663815s6c502f177c640s6gwy0d0
[2011/12/07 22:58:17 | 000,012,382 | -HS- | C] () -- C:\ProgramData\663815s6c502f177c640s6gwy0d0
[2011/07/28 20:21:20 | 000,130,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/29 19:18:17 | 000,006,656 | ---- | C] () -- C:\Users\vacca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >


OTL Extras logfile created on: 7/21/2012 1:05:10 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\vacca\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.30% Memory free
7.92 Gb Paging File | 5.43 Gb Available in Paging File | 68.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 356.38 Gb Free Space | 79.01% Space Free | Partition Type: NTFS

Computer Name: VACCA-PC | User Name: vacca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1985940298-1196603013-1040585086-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08173139-0927-418E-A863-1A24BD67ED0A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B34C365-0E0A-4F5D-B6D6-3C8D8EB1F747}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{10CE5F05-A5EA-43EB-BBCE-205B57AA2B51}" = lport=137 | protocol=17 | dir=in | app=system |
"{14A141B7-E239-45E5-AC49-ADB4E895857C}" = lport=138 | protocol=17 | dir=in | app=system |
"{172A902E-56E6-4909-A0CF-C647DF139378}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1989C0CF-04AF-4F0C-9325-0E02B092191C}" = lport=1778 | protocol=17 | dir=in | name=vulkano service |
"{198FCA44-0C86-47A3-A885-090A9F109721}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{232EA34C-7A1B-4834-93BA-9AFC72B991D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{33249E15-2AE5-4FE2-BD16-1D6E9252EA5A}" = lport=139 | protocol=6 | dir=in | app=system |
"{335B71A3-FF46-4D77-AA00-58BB3C247723}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{392D6634-86E0-4F85-B4CC-E0D80FF71AFA}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F31231A-A277-48A9-9630-CBFEBA921085}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{678085AA-FEB0-4ABE-92E5-C5F3A47607B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A7962C0-35B7-4F49-817C-6DCA36480321}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F25A56D-864E-4B9E-9071-ABE6A6220682}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7FD8B589-0168-4A55-97BE-5E3C909B2159}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85FE0D6F-C94D-4059-AEB2-D07C9EBD9A26}" = rport=138 | protocol=17 | dir=out | app=system |
"{895E0161-0E88-469E-89F8-BA06E7CA7E0F}" = rport=137 | protocol=17 | dir=out | app=system |
"{8EF8A856-A19F-4764-AECB-3C7297B01BFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1DA4126-BAC8-4652-B366-CFCE5D366AA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD9D99A5-2D5B-4D38-9A59-5043C6CB071A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B04E5AD0-0A35-4289-9B73-9C75D74EFE7A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B5DC427F-46BE-4E2C-ABF6-D3DA249B9EBB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3E70E82-911B-4940-9EEA-3420AE3B1B35}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D9E76F8E-2378-4ADA-BC09-6FB9B6E2A606}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC4C21E9-5211-4DC1-BBF6-42BCF8948CB8}" = rport=445 | protocol=6 | dir=out | app=system |
"{EA74F04E-2DE0-4916-B749-2B857E79D89A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FBE64698-5E18-427B-A5C9-5E720A61C124}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C31321-5882-4C40-A868-B9701CEC1D93}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{05D648E8-E6C4-4652-8755-9F25C7734E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{14307B4D-1910-46E8-BB99-51030E422E7A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{14BDA9FD-51EA-4DC2-B1BE-EB44CFF5F64E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{244FBD5B-27A5-49D0-BF23-2EE3A2D81782}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2D01019E-78F4-4F07-BCC8-94A4595AB75E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D3FDD1F-6EEC-4770-B569-C6FB7A0BEB3E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{34693056-B49E-47F7-9597-86E6A8DB9BF1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35A7C283-9FD1-4A39-9D60-436465941FB0}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{37D6F088-6C30-4165-908E-96104A44B383}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3908F777-492E-44AF-9E17-38B51FDD51CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3F4EB3AC-7FCF-4490-8FC2-D116DD3419D2}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{4092BCD4-6CB4-49F3-8599-4B8C5204A81B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4AA7F3FC-E3F6-440D-A25F-6EE6BED32FA8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4CC13653-FB63-4697-9944-9FE6A949CAB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D4CD931-DD13-4FE1-A581-263B122F45F7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{4DC9CB21-08AF-45CA-AE69-2225E0048BB2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4FC6B417-91DC-4A48-9959-97C42210EED0}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{597F5D85-88A9-4824-B112-D0CC82B7E04B}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{5BAD5953-CB0C-4024-AA6B-08D128C85FCE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{608B6317-9292-425F-943C-8F4F9BC3083A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{66D72C33-DDCA-4B0F-A349-77639F6D96CF}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{77A175CE-4F89-477D-B63A-57C428F1BFED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B101C17-033D-4AB9-85DC-2E023F68FAB1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{880A747B-CFC5-4C25-BA79-2F444695DA27}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{88486A25-422A-442E-82A1-365272E354DB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8EC84E18-ABC9-4919-AA70-40B514CF1076}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{98BAA294-C93E-4542-B4B7-907E5A84291C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A63357F-43C3-40DA-AD17-C86B8AB7B972}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{A1DDEED0-A30B-4024-9D3B-A50842F55541}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7D6DB80-2595-4090-8A63-BD69262052F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD3F0A45-86A2-4FE0-9226-A01A554AE070}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAA536F3-16E7-4612-976E-CDA69434822D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D087501B-79F1-4422-9E5A-816F3D5586C1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D5A7377C-FEDA-4367-9600-8AC468D375EB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DB706A8E-EF02-4C74-B230-1E656B3826B6}" = protocol=6 | dir=out | app=system |
"{DE74573D-92B8-4A00-AABB-ED1D4812990D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1DD86BB-4967-4731-8249-CFB9D56D18C4}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{E4993367-0B2C-4224-B52F-7E7F685DD8E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E51AA344-DA36-4F14-8AED-0E8583A9C8E1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6B9E08B-F1BA-48E0-A958-82573AB66B44}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F31729CF-CB74-4239-B091-45444D396A84}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F93299DF-48D9-4A1B-9392-43E6BD260792}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08AABBF5-353E-43E5-9E38-94989DDE600C}" = Iomega Encryption
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = IntelŪ Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{0A15E13F-ED77-4F9C-8969-B6673EB61E31}" = Vulkano Software
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{118C3943-1683-42EF-824D-C22E70DB42E7}" = Comcast Desktop Software (v1.2.1)
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 30
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51FC5315-20D4-4B6D-89B4-8776DC5A12CA}" = H&R Block Pennsylvania 2009
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B307310-53C1-8F80-465E-E2A96FA5EA5D}" = FlipShare
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92A0792A-E771-4C4A-9A4A-C2917AA19EEA}" = H&R Block Basic + Efile 2009
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Belkin Router Monitor and Setup
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BookSmartŪ 2.9.1 2.9.1" = BookSmartŪ 2.9.1 2.9.1
"Cisco Connect" = Cisco Connect
"Dell Webcam Central" = Dell Webcam Central
"Driver Wizard_is1" = Driver Wizard
"GoToAssist" = GoToAssist Corporate
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallShield_{0A15E13F-ED77-4F9C-8969-B6673EB61E31}" = Vulkano Software
"InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"Intelli-studio" = SAMSUNG Intelli-studio
"MSC" = McAfee AntiVirus Plus
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"STAADPro Rel 3.1 Demo" = STAADPro Rel 3.1 Demo
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1985940298-1196603013-1040585086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/23/2012 6:02:44 PM | Computer Name = vacca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/23/2012 6:02:44 PM | Computer Name = vacca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 129776108

Error - 5/23/2012 6:02:44 PM | Computer Name = vacca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 129776108

Error - 5/23/2012 6:02:55 PM | Computer Name = vacca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/23/2012 6:02:55 PM | Computer Name = vacca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 129786607

Error - 5/23/2012 6:02:55 PM | Computer Name = vacca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 129786607

Error - 5/23/2012 7:07:52 PM | Computer Name = vacca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/23/2012 7:07:52 PM | Computer Name = vacca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 133683731

Error - 5/23/2012 7:07:52 PM | Computer Name = vacca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 133683731

Error - 5/23/2012 7:09:51 PM | Computer Name = vacca-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Broadcom Wireless LAN Events ]
Error - 7/3/2012 11:23:13 PM | Computer Name = vacca-PC | Source = WLAN-Tray | ID = 0
Description = 23:23:13, Tue, Jul 03, 12 Error - Unable to gain access to user store


[ Dell Events ]
Error - 2/10/2011 9:18:02 PM | Computer Name = vacca-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/10/2011 9:20:39 PM | Computer Name = vacca-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/10/2011 9:20:39 PM | Computer Name = vacca-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/10/2011 9:25:27 PM | Computer Name = vacca-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/10/2011 9:25:27 PM | Computer Name = vacca-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/10/2011 9:26:33 PM | Computer Name = vacca-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/10/2011 9:26:33 PM | Computer Name = vacca-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/24/2011 8:37:44 PM | Computer Name = vacca-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/24/2011 8:37:44 PM | Computer Name = vacca-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/7/2011 10:10:33 PM | Computer Name = vacca-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 8/11/2010 9:03:39 PM | Computer Name = vacca-PC | Source = MCUpdate | ID = 0
Description = 9:03:39 PM - Error connecting to the internet. 9:03:39 PM - Unable
to contact server..

Error - 8/11/2010 9:04:11 PM | Computer Name = vacca-PC | Source = MCUpdate | ID = 0
Description = 9:04:09 PM - Error connecting to the internet. 9:04:09 PM - Unable
to contact server..

Error - 8/11/2010 10:04:50 PM | Computer Name = vacca-PC | Source = MCUpdate | ID = 0
Description = 10:04:50 PM - Error connecting to the internet. 10:04:50 PM - Unable
to contact server..

Error - 8/11/2010 10:05:20 PM | Computer Name = vacca-PC | Source = MCUpdate | ID = 0
Description = 10:05:19 PM - Error connecting to the internet. 10:05:19 PM - Unable
to contact server..

Error - 8/11/2010 11:05:58 PM | Computer Name = vacca-PC | Source = MCUpdate | ID = 0
Description = 11:05:58 PM - Error connecting to the internet. 11:05:58 PM - Unable
to contact server..

Error - 8/11/2010 11:06:28 PM | Computer Name = vacca-PC | Source = MCUpdate | ID = 0
Description = 11:06:27 PM - Error connecting to the internet. 11:06:27 PM - Unable
to contact server..

Error - 8/12/2010 12:07:07 AM | Computer Name = vacca-PC | Source = MCUpdate | ID = 0
Description = 12:07:07 AM - Error connecting to the internet. 12:07:07 AM - Unable
to contact server..

Error - 8/12/2010 12:07:37 AM | Computer Name = vacca-PC | Source = MCUpdate | ID = 0
Description = 12:07:36 AM - Error connecting to the internet. 12:07:36 AM - Unable
to contact server..

Error - 8/12/2010 9:18:29 AM | Computer Name = vacca-PC | Source = MCUpdate | ID = 0
Description = 9:18:29 AM - Error connecting to the internet. 9:18:29 AM - Unable
to contact server..

Error - 8/12/2010 9:18:59 AM | Computer Name = vacca-PC | Source = MCUpdate | ID = 0
Description = 9:18:58 AM - Error connecting to the internet. 9:18:58 AM - Unable
to contact server..

[ System Events ]
Error - 7/20/2012 12:16:29 AM | Computer Name = vacca-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 7/20/2012 12:16:29 AM | Computer Name = vacca-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 7/20/2012 5:51:36 PM | Computer Name = vacca-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/20/2012 5:51:39 PM | Computer Name = vacca-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/20/2012 5:51:42 PM | Computer Name = vacca-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 7/20/2012 5:51:42 PM | Computer Name = vacca-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/20/2012 5:54:10 PM | Computer Name = vacca-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 7/20/2012 5:54:10 PM | Computer Name = vacca-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 7/21/2012 12:56:54 AM | Computer Name = vacca-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 7/21/2012 12:56:54 AM | Computer Name = vacca-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.


< End of report >

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:16 PM

Posted 21 July 2012 - 06:50 PM

We need to run an OTL Fix to clear up a little
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1985940298-1196603013-1040585086-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\vacca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/01/11 22:31:06 | 000,002,048 | -HS- | C] () -- C:\Users\vacca\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\@
    [2011/12/07 22:58:17 | 000,012,382 | -HS- | C] () -- C:\Users\vacca\AppData\Local\663815s6c502f177c640s6gwy0d0
    [2011/12/07 22:58:17 | 000,012,382 | -HS- | C] () -- C:\ProgramData\663815s6c502f177c640s6gwy0d0
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

The firewall seems to be failing because there's a service missing, MpsSvc. Maybe the malware deleted it.

Click this link, save it and right click and select merge. Reboot and try and start it again.
Posted Image
m0le is a proud member of UNITE

#10 sjv22

sjv22
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 22 July 2012 - 01:06 AM

Here's the output, continued thanks.


========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1985940298-1196603013-1040585086-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
C:\Users\vacca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\vacca\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\@ moved successfully.
C:\Users\vacca\AppData\Local\663815s6c502f177c640s6gwy0d0 moved successfully.
C:\ProgramData\663815s6c502f177c640s6gwy0d0 moved successfully.

OTL by OldTimer - Version 3.2.54.0 log created on 07222012_015108

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!

PendingFileRenameOperations files...
File C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!

Registry entries deleted on Reboot...

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:16 PM

Posted 22 July 2012 - 05:22 PM

Did you run the registry merge?
Posted Image
m0le is a proud member of UNITE

#12 sjv22

sjv22
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 22 July 2012 - 10:59 PM

Sorry about that.

I ran the registry merge and a window said it was successful, however the firewall is still doing the same thing as before.

#13 sjv22

sjv22
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 22 July 2012 - 11:48 PM

I was reading some other posts regarding Mcafee firewall issues and noticed that in those instances, the windows firewall was also not working. I checked my windows firewall and found it to be not working. It says the recommended settings are not being used. Then when I click on the button to use the recommended settings, I get an window with an error code saying the settings cannot be changed.

Any thoughts?

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:16 PM

Posted 23 July 2012 - 05:02 PM

I get an window with an error code saying the settings cannot be changed.


Yes, I'd like to have that error code please.
Posted Image
m0le is a proud member of UNITE

#15 sjv22

sjv22
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 23 July 2012 - 08:38 PM

The error window says:

Windows Firewall can't change some of your settings.

Error Code 0x80070433

I attached a screenshot in case you'd like to see it.

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users