Results 1 to 5 of 5

Thread: Vista Security 2012 and Browser Redirect Problems

  1. #1
    Junior Member
    Join Date
    Dec 2011
    Posts
    3

    Default Vista Security 2012 and Browser Redirect Problems

    My laptop recently became infected with the Vista Security 2012 virus that poses as a legitimate virus scan service. My browser was shut down and the program launched, claiming to scan my PC and finding various viruses. The virus did not let me open any .exe files. I researched a solution to this problem on another PC and followed the instructions at http://www.bleepingcomputer.com/virus-removal/remove-vista-security-2012 ...

    I used FixNCR.reg to be able to run .exe files again, RKill to terminate the process, and scanned my PC with Malwarebytes' Anti-Malware, deleting all infected files found. This seemed to fix the Vista Security 2012 problems, but I decided to run SpyBot SnD and Malwarebytes' Anti-Malware again just in case and everything appeared back to normal.

    The problem persisted elsewhere, however, when I opened Firefox and found that all of my Google searches were being redirected to random malware sites. Rescanning with Spybot and Malwarebytes' Anti-Malware did not bring up any results and after a while Vista Security 2012 reappeared. Any help is greatly appreciated

    Below is my DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by User at 18:26:18 on 2011-12-11
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1628 [GMT -7:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\system32\java.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Windows\sttray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [FIREWALL SERVICE] c:\restore\k-1-3542-4232123213-7676767-8888886\RanDll.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon]
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3AAF4D33-7DB6-4444-BC33-F443AE1E03F9} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{AB31D837-0957-4C15-BFD6-41483FD56E7D} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: igfxcui - igfxdev.dll
    SEH: ShellObj Class: {f552dde6-2090-4bf4-b924-6141e87789a5} - c:\progra~1\greatis\regrun~1\RRShell.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\wpqbo2xi.default\
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\user\appdata\roaming\move networks\plugins\071803000001\npqmp071803000001.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-9-6 583640]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-12-11 1153368]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-4-20 34760]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-12-11 17:25:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-12-11 17:25:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-12-10 23:53:16 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
    2011-12-10 23:53:09 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-10 23:53:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-10 23:53:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-09 16:35:17 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5fbfa707-1efc-4609-aba7-8e0b64f7e888}\mpengine.dll
    2011-12-06 02:47:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-06 02:11:13 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2011-12-03 18:05:05 -------- d-----r- c:\program files\Skype
    .
    ==================== Find3M ====================
    .
    2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 18:27:17.21 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR


    You do have some issues malware related going on, lets do this

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply





    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Last edited by ken545; 2011-12-16 at 00:09.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Dec 2011
    Posts
    3

    Default

    aswMBR text:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-16 16:27:57
    -----------------------------
    16:27:57.050 OS Version: Windows 6.0.6002 Service Pack 2
    16:27:57.050 Number of processors: 2 586 0xF0D
    16:27:57.050 ComputerName: USER-PC UserName: User
    16:28:22.775 Initialize success
    16:29:21.142 AVAST engine defs: 11121603
    16:29:32.016 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    16:29:32.016 Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
    16:29:32.047 Disk 0 MBR read successfully
    16:29:32.047 Disk 0 MBR scan
    16:29:32.047 Disk 0 Windows VISTA default MBR code
    16:29:32.078 Disk 0 scanning sectors +312576705
    16:29:32.265 Disk 0 scanning C:\Windows\system32\drivers
    16:30:01.156 Service scanning
    16:30:02.732 Modules scanning
    16:30:27.021 Disk 0 trace - called modules:
    16:30:27.068 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    16:30:27.068 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85dd2288]
    16:30:27.084 3 CLASSPNP.SYS[8a3a58b3] -> nt!IofCallDriver -> [0x853286a8]
    16:30:27.084 5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8532a030]
    16:30:27.848 AVAST engine scan C:\Windows
    16:30:36.880 AVAST engine scan C:\Windows\system32
    16:35:23.827 AVAST engine scan C:\Windows\system32\drivers
    16:35:56.883 AVAST engine scan C:\Users\User
    16:43:34.259 AVAST engine scan C:\ProgramData
    16:45:39.839 Scan finished successfully
    16:50:41.342 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    16:50:41.357 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


    OTL:

    OTL logfile created on: 12/16/2011 4:53:26 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.11% Memory free
    6.18 Gb Paging File | 5.20 Gb Available in Paging File | 84.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.12 Gb Total Space | 77.95 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
    Drive D: | 11.93 Gb Total Space | 5.18 Gb Free Space | 43.46% Space Free | Partition Type: NTFS
    Drive G: | 3.68 Gb Total Space | 0.05 Gb Free Space | 1.43% Space Free | Partition Type: FAT32

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
    PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    PRC - C:\Windows\sttray.exe (IDT, Inc.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
    MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
    SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
    DRV - (Partizan) -- C:\Windows\System32\drivers\Partizan.sys (Greatis Software)
    DRV - (purendis) -- C:\Windows\System32\drivers\purendis.sys (Cisco Systems, Inc.)
    DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Cisco Systems, Inc.)
    DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
    DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
    DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
    DRV - (TIEHDUSB) -- C:\Windows\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=M-6827


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-6827
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=M-6827
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-6827
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=M-6827
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-6827
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\User\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/27 17:10:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 21:29:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/14 13:11:27 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/27 17:10:12 | 000,000,000 | ---D | M]

    [2009/12/03 18:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
    [2011/12/16 12:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wpqbo2xi.default\extensions
    [2010/08/08 16:54:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wpqbo2xi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/11/11 21:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPQBO2XI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011/11/11 21:29:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/03 12:55:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/11 21:29:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/12/12 21:07:40 | 000,440,443 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.1001-search.info
    O1 - Hosts: 127.0.0.1 1001-search.info
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 15157 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [FIREWALL SERVICE] c:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe File not found
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AAF4D33-7DB6-4444-BC33-F443AE1E03F9}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB31D837-0957-4C15-BFD6-41483FD56E7D}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 02:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{1b9dd57d-be3a-11dd-a2a7-00e0b8fa39ea}\Shell - "" = AutoRun
    O33 - MountPoints2\{1b9dd57d-be3a-11dd-a2a7-00e0b8fa39ea}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{b570a1a6-935a-11dd-b4c4-00e0b8fa39ea}\Shell\AutoRun\command - "" = RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
    O33 - MountPoints2\{b570a1a6-935a-11dd-b4c4-00e0b8fa39ea}\Shell\open\command - "" = RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (Partizan)
    O34 - HKLM BootExecute: (ootExecute settings...)
    O34 - HKLM BootExecute: (on\E)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/16 16:50:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2011/12/16 16:22:05 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
    [2011/12/14 23:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2011/12/14 23:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2011/12/14 03:07:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/12/14 03:07:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/12/14 03:07:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/12/14 03:07:34 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2011/12/14 03:07:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/12/14 03:07:31 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011/12/13 18:07:33 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/12/13 18:07:33 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/12/13 18:07:28 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/12/13 18:07:26 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2011/12/13 18:07:25 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2011/12/13 18:07:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011/12/11 18:15:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/12/11 18:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/12/11 18:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/12/11 18:13:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr
    [2011/12/11 10:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/12/11 10:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/12/11 10:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/12/10 16:53:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
    [2011/12/10 16:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/10 16:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/10 16:53:04 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/12/10 16:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/10 16:48:33 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup.exe
    [2011/12/05 19:47:09 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011/12/03 11:05:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
    [2011/12/03 11:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/12/03 11:05:05 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2011/12/03 11:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

    ========== Files - Modified Within 30 Days ==========

    [2011/12/16 16:50:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2011/12/16 16:50:41 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
    [2011/12/16 16:32:21 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/12/16 16:32:21 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/16 16:25:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/16 16:25:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/16 16:24:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/16 16:24:47 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/16 16:24:44 | 279,562,475 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/12/16 16:22:07 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
    [2011/12/16 14:14:26 | 000,000,240 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/12/14 23:20:25 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2011/12/14 19:54:08 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2011/12/14 03:28:10 | 000,393,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/14 03:24:50 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for User.job
    [2011/12/12 21:07:40 | 000,440,443 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/12/11 18:47:48 | 000,004,387 | ---- | M] () -- C:\Users\User\Documents\Attach.zip
    [2011/12/11 18:14:31 | 000,000,704 | ---- | M] () -- C:\Users\User\Desktop\NTREGOPT.lnk
    [2011/12/11 18:14:31 | 000,000,685 | ---- | M] () -- C:\Users\User\Desktop\ERUNT.lnk
    [2011/12/11 18:13:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr
    [2011/12/11 17:00:59 | 000,006,922 | -HS- | M] () -- C:\Users\User\AppData\Local\54e0w245m2huy6u70n6ac
    [2011/12/11 17:00:56 | 000,006,624 | -HS- | M] () -- C:\ProgramData\54e0w245m2huy6u70n6ac
    [2011/12/11 10:25:47 | 000,001,050 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/12/11 10:25:47 | 000,001,026 | ---- | M] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
    [2011/12/10 16:53:10 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/10 16:46:30 | 000,009,576 | -HS- | M] () -- C:\Users\User\AppData\Local\m2um34a6ru1bqe
    [2011/12/10 16:46:30 | 000,009,576 | -HS- | M] () -- C:\ProgramData\m2um34a6ru1bqe
    [2011/12/10 16:36:12 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup.exe
    [2011/12/10 16:32:18 | 001,008,120 | ---- | M] () -- C:\Users\User\Desktop\iExplore.exe
    [2011/12/10 16:31:22 | 001,008,120 | ---- | M] () -- C:\Users\User\Desktop\rkill.exe
    [2011/12/10 16:29:16 | 000,001,205 | ---- | M] () -- C:\Users\User\Desktop\FixNCR.reg
    [2011/12/10 15:40:43 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011/12/10 15:40:14 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/12/10 09:39:06 | 000,041,984 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/10 06:38:17 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/12/05 19:47:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011/12/01 23:32:02 | 000,000,107 | ---- | M] () -- C:\Users\User\webct_upload_applet.properties
    [2011/11/23 06:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    ========== Files Created - No Company Name ==========

    [2011/12/16 16:50:41 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
    [2011/12/16 16:24:44 | 279,562,475 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/12/16 14:14:26 | 000,000,240 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/12/14 23:20:25 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2011/12/11 18:47:48 | 000,004,387 | ---- | C] () -- C:\Users\User\Documents\Attach.zip
    [2011/12/11 18:14:31 | 000,000,704 | ---- | C] () -- C:\Users\User\Desktop\NTREGOPT.lnk
    [2011/12/11 18:14:31 | 000,000,685 | ---- | C] () -- C:\Users\User\Desktop\ERUNT.lnk
    [2011/12/11 16:59:42 | 000,006,922 | -HS- | C] () -- C:\Users\User\AppData\Local\54e0w245m2huy6u70n6ac
    [2011/12/11 16:59:42 | 000,006,624 | -HS- | C] () -- C:\ProgramData\54e0w245m2huy6u70n6ac
    [2011/12/11 10:25:47 | 000,001,050 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/12/11 10:25:47 | 000,001,026 | ---- | C] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
    [2011/12/10 16:53:10 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/10 16:48:34 | 001,008,120 | ---- | C] () -- C:\Users\User\Desktop\rkill.exe
    [2011/12/10 16:48:34 | 001,008,120 | ---- | C] () -- C:\Users\User\Desktop\iExplore.exe
    [2011/12/10 16:48:34 | 000,001,205 | ---- | C] () -- C:\Users\User\Desktop\FixNCR.reg
    [2011/12/10 16:45:47 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
    [2011/12/10 15:35:06 | 000,009,576 | -HS- | C] () -- C:\Users\User\AppData\Local\m2um34a6ru1bqe
    [2011/12/10 15:35:06 | 000,009,576 | -HS- | C] () -- C:\ProgramData\m2um34a6ru1bqe
    [2011/12/03 11:05:06 | 000,002,337 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/09/06 18:49:43 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
    [2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/10/19 18:07:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/10/19 18:07:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/27 12:44:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/04/20 17:07:25 | 000,020,192 | ---- | C] () -- C:\Windows\WinBait.exe
    [2009/03/08 12:32:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/01/27 16:42:38 | 000,164,648 | ---- | C] () -- C:\Windows\hpoins33.dat
    [2008/10/06 16:04:03 | 000,041,984 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/06 15:21:18 | 000,000,374 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
    [2008/06/17 02:23:23 | 000,001,526 | ---- | C] () -- C:\Windows\hpomdl33.dat
    [2008/06/09 23:43:19 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/06/09 23:43:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/06/09 23:43:19 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2008/06/09 23:43:18 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/06/09 23:41:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/02/11 18:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
    [2008/02/11 18:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
    [2008/02/11 18:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
    [2008/02/04 22:33:35 | 000,360,448 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
    [2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:47:37 | 000,393,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 03:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2009/03/15 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
    [2010/02/27 13:22:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\McGraw-HillLicensing
    [2009/01/31 16:46:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SampleView
    [2011/12/16 14:54:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
    [2008/10/05 12:32:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SupportSoft
    [2008/10/06 15:21:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
    [2011/12/14 19:54:08 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
    [2011/12/16 13:07:27 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >

  4. #4
    Junior Member
    Join Date
    Dec 2011
    Posts
    3

    Default

    Extras.txt:

    OTL Extras logfile created on: 12/16/2011 4:53:26 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.11% Memory free
    6.18 Gb Paging File | 5.20 Gb Available in Paging File | 84.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.12 Gb Total Space | 77.95 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
    Drive D: | 11.93 Gb Total Space | 5.18 Gb Free Space | 43.46% Space Free | Partition Type: NTFS
    Drive G: | 3.68 Gb Total Space | 0.05 Gb Free Space | 1.43% Space Free | Partition Type: FAT32

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00280665-DE92-4B9D-A6BE-A73CEE4F2648}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0206A253-9CFA-4A5F-945C-3D37BD32C1F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{11A98F4B-381C-460D-9961-E829750684F0}" = rport=138 | protocol=17 | dir=out | app=system |
    "{121B00E0-1889-44B9-8B5E-33DEC3DDB6DD}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1A74EBEA-18B6-4495-8E97-17A80EA2F247}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{2C591208-986D-4556-89DF-EB41E0446C9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{3713A44F-5055-4759-83C6-2B39ED15B071}" = rport=445 | protocol=6 | dir=out | app=system |
    "{381B6BB8-EF0D-4BEB-9C1D-4123D7B0426C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{3E627DA9-D222-4EAC-9D6B-3286680F36D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{47E0951C-78A5-4FE9-A938-B8210D4E3780}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
    "{55E4781E-B150-492E-B7D3-6CBB6CF9A3C2}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5A69B986-2F14-4592-9CE4-E865174110E9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5A86852D-5610-40EF-8274-64A2790A2C56}" = lport=445 | protocol=6 | dir=in | app=system |
    "{64BF3B47-2262-4E93-8637-2163A3F4C875}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6879D2F8-C921-4D13-BEEC-5764A1021BD7}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6D41FAAE-3D38-40CD-BA56-1FEA38552261}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{6F78A1FB-6825-4F7D-BA88-7ABDD5D14B78}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{70ECE967-E53A-4076-A115-E70732C6838D}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{75C19352-C4F8-430D-81AC-7DB9EBB77A7A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{775FDCF2-6245-47C4-8742-E1DE3AF44A90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{78ADCEA4-4478-47B4-9AB7-401EC4DCF321}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{78B37D79-C4C2-4C93-BAD7-65B4CFD1EC62}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{7AFE261D-4304-44B6-9804-84F86D18480F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{80F6C237-5184-4CBD-AFEC-2DEEFF2ABB14}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{87B88C39-5850-4104-8B11-BEDA078A3653}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{8923C763-7B5F-4F8F-B415-246C7BECA270}" = rport=137 | protocol=17 | dir=out | app=system |
    "{89EB13F0-3993-4049-B9A0-6B3DD6384C38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{8D6E9359-EEA9-4122-A2E5-1F6FE54B2641}" = lport=5358 | protocol=6 | dir=in | app=system |
    "{901800BE-E548-45D4-B0E2-C2E4703A69D8}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B02E57AF-9B56-4906-8C25-AF3207850159}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C287A62B-8D8A-47D6-AF71-18AF7DCB9EC2}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{CB1692AF-FD9F-4C17-A6A7-3ED3783ADF06}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D105AD49-80CC-4D2E-A4EC-4447013B32E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D4943283-FF18-4053-B898-45B78C0F1AD7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{DBA4B0D1-3658-414B-A0E5-BAEC40361478}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{DD49A0ED-4844-44A1-9B08-8F45D80345A8}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{E02DC8F4-3814-43D6-8A06-92BE41302B7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E14C2E3B-3D0B-4CE4-9AC1-E66EA8C56977}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
    "{E7C226D4-7E55-44D6-B389-F6824476609C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{E81E819E-34B9-45CB-9D6A-7F784A85629D}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{E868BEE2-1E1C-4B49-BAE9-4CF7A266A82F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{EDEC4A82-9D3B-453A-BF94-1893C14BB309}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EE69B390-CFF9-42DE-A254-54F7963936F6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{017DA46C-C353-42BB-ABBB-1120CD204463}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{05F15CB5-477C-4339-BB71-86C2C120CAAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{0CF1076B-2981-4764-8A3F-D2CC2FC1E2D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{118018BF-B6D4-4489-A439-958CAA66E2A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{181D8DB5-4FBA-414E-AC8F-E451DB0D5B22}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{2448A7C9-BE2A-4378-BD0A-AB618DB20A80}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{2F615C5F-0006-4642-A3FA-2937D9CB471F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{2FCAD554-FEE7-46F5-87B3-A7ABF73A4E4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{37E167AF-FAE4-4502-93AC-19AF936C85A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3E419B19-BCD5-432E-82BC-F245397A17BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{444600C0-DA41-4145-810D-32816B5FAAA7}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
    "{46C4FF08-6EDF-4874-A7ED-EB094BA4822E}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{4C41FCDD-7D29-41DF-B5CA-EDE012431097}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4C52D409-36A8-4921-9297-E1E363DAAC2E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{55942926-536D-40A3-AE8E-EAC2E1D4DE11}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{56C7F142-F7C2-4664-AEE1-3C5AE20DFE3E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{586D851F-4CB1-45EF-9205-2B54B6207F12}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{5A36B604-696E-40CC-9810-F1C8B1C3B7AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5F83DC36-DC68-4AD9-B326-4D06C0FC37B2}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{667353D1-DDAB-49C3-A411-CE315D07797A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{6DC1AAB8-0008-4C98-BAF5-C1B3CCAF63B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{738A1A2B-558B-46DD-8832-A1FB9E939E9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{773281F2-B9AE-4B32-B1BA-81E4F2C7E0A1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{7FFECDC4-A142-45E4-B1B6-ADC3743A8AA6}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{8454660E-2772-442B-9ACB-53CCE19D6D79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{940E23DF-7C59-4D96-982B-5D5881873316}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{969A8A7E-22D2-44C4-B71C-31AD0DB65209}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
    "{9D9C2C32-EBF0-4770-A449-379EE1B9AAC2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A153F0CC-68BC-429C-B04A-86CB2FF95EFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B2342474-F17C-4944-9C71-886C5D8FDA04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B2E1F41F-33CD-45B8-B22B-9FA79422DDC5}" = protocol=6 | dir=out | app=system |
    "{B5A99461-11F2-4B37-92F9-B85A88C91ECB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{B6087DF4-A37A-4A1C-98FC-FB1BF23A10C1}" = protocol=6 | dir=out | app=system |
    "{B6639308-510A-4225-9CF5-4519FB7DFC69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BCAD6BE4-F520-4069-BEF3-8C46C3748984}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{C9F25FAB-FA55-40C7-885E-4DAFA9AF055E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CC241329-DB0A-4EB7-9A53-CDFF7D5D8340}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{D08BE483-7D2E-4228-ABCC-5ED5FAAF4ED2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D3B4D4B0-ED50-4DC1-9012-48A148C60B57}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D7E2C9F9-90E7-4BDD-9E6F-A083372AF25A}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
    "{DE7F10BA-096A-49E1-A219-3FF358D69668}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{E31D2E89-2601-4B41-9502-07D23C186F18}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{E43FC40B-0DE1-4953-88FB-3F0B3E5E71EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EA912B92-D3E8-4E39-A3B6-30A5AB085A3B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{EB098A2C-BE79-418C-AF59-F2947895650E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{ECB66928-365E-46DE-8BB7-CD0078076391}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FEF8150A-1F79-4C92-8622-E5D4758FC3FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{04DEAACF-BC14-479C-B1BD-96EC1D9A96CE}C:\users\user\desktop\halo\haloce.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\halo\haloce.exe |
    "TCP Query User{17529CE1-756C-4176-8CF6-DB559E01FF22}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{26DF8BA9-542A-4C94-A288-7D7D194E84CD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{277073D7-D9EE-46F4-A452-4424E563BAB8}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "TCP Query User{5DAC2BF5-A9AF-4A51-8924-63FA9B27FC88}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{AA20215F-B835-4F49-B347-B3F0AB74F9F4}F:\halo\haloce.exe" = protocol=6 | dir=in | app=f:\halo\haloce.exe |
    "TCP Query User{ADAE9037-4A42-4000-83C7-FE2E7FD6EF31}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{B7B43C23-2548-4482-A56D-EC476227BB41}E:\win32\launcher\dist\launch.exe" = protocol=6 | dir=in | app=e:\win32\launcher\dist\launch.exe |
    "TCP Query User{DFD7802B-4A1C-4297-B67C-8CB2F7BFA792}E:\win32\launcher\dist\launch.exe" = protocol=6 | dir=in | app=e:\win32\launcher\dist\launch.exe |
    "UDP Query User{36878FE4-6679-492A-8097-16119FB7AF9B}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "UDP Query User{5742756B-5CBB-4164-B307-6DDA60FAD5A7}E:\win32\launcher\dist\launch.exe" = protocol=17 | dir=in | app=e:\win32\launcher\dist\launch.exe |
    "UDP Query User{5D999999-226F-46C1-BAAE-32752E58AB53}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{6BBB29DC-BA8F-413B-95FE-3755A5E08AE7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{6FF66846-036F-4E25-8DD0-C6431E0FFD29}F:\halo\haloce.exe" = protocol=17 | dir=in | app=f:\halo\haloce.exe |
    "UDP Query User{A0AE7D82-0F65-4129-B481-E5DD9C93C46B}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{E3D4803B-818B-41CD-BE6D-CDD0005D287B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{FBFAB427-E6DB-4F6E-9C3A-AD6842168773}C:\users\user\desktop\halo\haloce.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\halo\haloce.exe |
    "UDP Query User{FD49A73E-FA3F-42CB-B13E-FE8E3D6BA725}E:\win32\launcher\dist\launch.exe" = protocol=17 | dir=in | app=e:\win32\launcher\dist\launch.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{114AA4D3-A577-400E-A1B2-3CF75CF8D2E2}" = C5500_Help
    "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
    "{26BEE28E-C285-4532-82D3-7CE3C5F805D4}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
    "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
    "{5B8B9664-21C8-4A1C-AEE4-EF7B1EEB6BD3}" = PS_AIO_04_C5500_Software
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69C2AFE6-304D-4744-BD3F-4E11590D7084}" = Body Spectrum
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6CC1EE94-B426-478B-AE83-F83EBB4EF66A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7ED180E1-ADE9-4C69-8845-BDF518D763B8}" = hpphotosmartdisclabelplugin
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A558B0C-541D-47e0-A177-8635CE723B07}" = HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E37A0C8-C0E7-4E7A-8739-ACF20D02E70C}" = PS_AIO_04_C5500_Software_Min
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98C42F1C-B4D7-46EE-962C-B01AF7E8D795}" = TermPlus
    "{9A9310B0-FAD0-440E-97B1-5EE14568EF78}" = PS_AIO_04_C5500_ProductContext
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BCC09E9C-3340-473D-A4FE-8580992CA77A}" = HPPhotoSmartDiscLabelContent1
    "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
    "{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C77A7F57-0BA5-4A17-B1C4-28E1D5F5A6EC}" = C5500
    "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
    "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ERUNT_is1" = ERUNT 1.1j
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 11.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
    "HPExtendedCapabilities" = HP Customer Participation Program 11.0
    "HPOCR" = OCR Software by I.R.I.S. 11.0
    "Linksys EasyLink Advisor" = Linksys EasyLink Advisor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Money2007b" = Microsoft Money Essentials
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NSS" = Norton Security Scan
    "Nursing Assistant CD" = Nursing Assistant CD
    "PhotoStitch" = Canon Utilities PhotoStitch
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "Registry Mechanic_is1" = Registry Mechanic 10.0
    "RegRun Security Suite_is1" = RegRun Security Suite Platinum
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Shop for HP Supplies" = Shop for HP Supplies
    "Spotify" = Spotify
    "support.com Support Connection" = support.com Support Connection
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ULTIMATER" = Microsoft Office Ultimate 2007
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/9/2011 7:57:02 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/9/2011 8:38:58 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/10/2011 7:17:12 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/10/2011 7:45:36 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/11/2011 7:47:23 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/13/2011 6:33:29 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/14/2011 11:12:36 AM | Computer Name = User-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/14/2011 7:33:34 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/15/2011 7:02:49 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/16/2011 4:12:32 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 12/16/2011 7:25:30 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer Journal Note Writer with
    shared resource name Journal Note Writer. Error 1753. The printer cannot be used
    by others on the network.

    Error - 12/16/2011 7:25:30 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer hp psc 1100 series with
    shared resource name hp psc 1100 series. Error 1753. The printer cannot be used
    by others on the network.

    Error - 12/16/2011 7:25:30 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer HP Photosmart C5500 series
    with shared resource name HP Photosmart C5500 series. Error 1753. The printer cannot
    be used by others on the network.

    Error - 12/16/2011 7:26:29 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 12/16/2011 7:26:29 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/16/2011 7:26:29 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 12/16/2011 7:26:29 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 12/16/2011 7:26:29 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 12/16/2011 7:26:55 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 12/16/2011 7:28:59 PM | Computer Name = User-PC | Source = WMPNetworkSvc | ID = 866293
    Description =


    < End of report >

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    After the fix, reboot and post the logs and let me know if the redirects have stopped


    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      O33 - MountPoints2\{1b9dd57d-be3a-11dd-a2a7-00e0b8fa39ea}\Shell - "" = AutoRun
      O33 - MountPoints2\{1b9dd57d-be3a-11dd-a2a7-00e0b8fa39ea}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
      O33 - MountPoints2\{b570a1a6-935a-11dd-b4c4-00e0b8fa39ea}\Shell\AutoRun\command - "" = RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
      O33 - MountPoints2\{b570a1a6-935a-11dd-b4c4-00e0b8fa39ea}\Shell\open\command - "" = RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
      O33 - MountPoints2\G\Shell - "" = AutoRun
      O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
      @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •