[A] Win32/sirefe.ab infection

Inactive
By BaBoRains
Oct 14, 2012
Topic Status:
Not open for further replies.
  1. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    ===============================

    Uninstall McAfee Security Scan Plus, typical foistware.

    ===============================

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

    Attached Files:

  2. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    I am slightly confused. is the fixlist.txt and the combofix the same thing?
  3. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    No.
    You're reading to fast perhaps.
    Re-read my reply carefully.
  4. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    I just am not seeing the attached fixlist.txt I am suppose to load on my usb
  5. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    At the end of my reply #26 there is a big box titled "Attached Files:"
  6. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-10-2012
    Ran by SYSTEM at 2012-10-18 21:30:11 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin Value deleted successfully.
    C:\PROGRA~1\MYWEBS~1 not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
    fhqtpzyi service deleted successfully.
    gibgecjl service deleted successfully.
    C:\Windows\system32\drivers\gibgecjl.sys not found.
    nnrtuekm service deleted successfully.
    C:\Windows\system32\drivers\nnrtuekm.sys not found.
    pdjzabbz service deleted successfully.
    C:\Windows\system32\drivers\pdjzabbz.sys not found.
    ujhacxnl service deleted successfully.
    C:\Windows\system32\drivers\ujhacxnl.sys not found.
    Could not move C:\$Recycle.Bin\S-1-5-18\$7faaaafacf142f743593878a94dc601b.
    Could not move C:\$Recycle.Bin\S-1-5-21-2555096432-530049489-2058458779-1000\$7faaaafacf142f743593878a94dc601b.
    Could not move C:\$Recycle.Bin\S-1-5-18\$7faaaafacf142f743593878a94dc601b.

    ==== End of Fixlog ====
  7. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    ComboFix 12-10-18.03 - Stephen D. Rains 10/18/2012 21:47:40.1.2 - x86
    MicrosoftÆ Windows Vistaô Home Basic 6.0.6002.2.1252.1.1033.18.2037.893 [GMT -4:00]
    Running from: c:\users\Stephen D. Rains\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Fast Browser Search
    c:\program files\Fast Browser Search\IE\FBStoolbar.exe
    c:\users\Stephen D. Rains\AppData\Local\assembly\tmp
    c:\users\Stephen D. Rains\AppData\Roaming\inst.exe
    c:\users\Stephen D. Rains\AppData\Roaming\VAP
    c:\users\Stephen D. Rains\AppData\Roaming\VAP\fwl
    c:\users\Stephen D. Rains\AppData\Roaming\vso_ts_preview.xml
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\iun6002.exe
    c:\windows\system32\bcm35F1.tmp
    c:\windows\system32\bcm38D1.tmp
    c:\windows\system32\bcm3B04.tmp
    c:\windows\system32\bcm3DB5.tmp
    c:\windows\system32\bcm3F8B.tmp
    c:\windows\system32\bcm3FBB.tmp
    c:\windows\system32\bcm4143.tmp
    c:\windows\system32\bcm430A.tmp
    c:\windows\system32\bcm4BF1.tmp
    c:\windows\system32\bcm564C.tmp
    c:\windows\system32\msstdfmt.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-19 01:58 . 2012-10-19 02:04--------d-----w-c:\users\Stephen D. Rains\AppData\Local\temp
    2012-10-19 01:58 . 2012-10-19 01:58--------d-----w-c:\users\STEPHE~1RAI\AppData\Local\temp
    2012-10-19 01:58 . 2012-10-19 01:58--------d-----w-c:\users\STEPHE~1~RAI\AppData\Local\temp
    2012-10-19 01:58 . 2012-10-19 01:58--------d-----w-c:\users\Guest\AppData\Local\temp
    2012-10-19 01:58 . 2012-10-19 01:58--------d-----w-c:\users\Default\AppData\Local\temp
    2012-10-16 01:14 . 2012-10-17 06:18--------d-----w-c:\users\Stephen D. Rains\{5ba16cdb-c405-4d72-bcdc-1174ab014368}
    2012-10-16 01:12 . 2012-10-16 01:147586----a-w-c:\windows\bcm4DB4.tmp
    2012-10-15 10:59 . 2012-09-19 04:596980552----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B835C972-FAEF-4C45-93A1-4D146A1BB75D}\mpengine.dll
    2012-10-14 19:17 . 2012-10-14 19:17--------dc----w-C:\FRST
    2012-10-13 14:16 . 2012-09-19 04:596980552----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-12 00:04 . 2012-10-17 06:18--------d-----w-c:\programdata\McAfee Security Scan
    2012-10-12 00:04 . 2012-10-13 00:39--------d-----w-c:\program files\McAfee Security Scan
    2012-10-12 00:02 . 2012-10-12 00:0293672----a-w-c:\windows\system32\WindowsAccessBridge.dll
    2012-10-10 19:51 . 2012-08-21 17:0126840----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-10-10 19:50 . 2012-10-10 19:50--------d-----w-c:\program files\iPod
    2012-10-10 19:49 . 2012-10-10 19:51--------d-----w-c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-10-10 09:51 . 2012-10-10 09:49740784------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A409F6E-E927-4373-91F7-E663DE3A8EBC}\gapaengine.dll
    2012-10-10 06:28 . 2012-06-02 00:02985088----a-w-c:\windows\system32\crypt32.dll
    2012-10-10 06:28 . 2012-06-02 00:02133120----a-w-c:\windows\system32\cryptsvc.dll
    2012-10-10 06:28 . 2012-06-02 00:0298304----a-w-c:\windows\system32\cryptnet.dll
    2012-10-10 06:22 . 2012-09-13 13:282048----a-w-c:\windows\system32\tzres.dll
    2012-10-10 06:13 . 2012-08-24 15:53172544----a-w-c:\windows\system32\wintrust.dll
    2012-10-10 06:11 . 2012-08-29 11:273602816----a-w-c:\windows\system32\ntkrnlpa.exe
    2012-10-10 06:11 . 2012-08-29 11:273550080----a-w-c:\windows\system32\ntoskrnl.exe
    2012-10-09 00:05 . 2012-07-04 14:022047488----a-w-c:\windows\system32\win32k.sys
    2012-09-22 18:47 . 2012-09-22 18:47--------d-----w-c:\users\Stephen D. Rains\AppData\Local\Ilivid Player
    2012-09-22 18:28 . 2012-09-22 18:28--------d-----w-c:\programdata\boost_interprocess
    2012-09-22 18:22 . 2012-05-11 15:57623616----a-w-c:\windows\system32\localspl.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-12 00:01 . 2012-07-04 01:02821736----a-w-c:\windows\system32\npDeployJava1.dll
    2012-10-12 00:01 . 2011-08-09 18:34746984----a-w-c:\windows\system32\deployJava1.dll
    2012-10-11 18:25 . 2012-05-15 11:59696760----a-w-c:\windows\system32\FlashPlayerApp.exe
    2012-10-11 18:25 . 2011-05-18 14:3673656----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-07 21:04 . 2010-09-01 23:5622856----a-w-c:\windows\system32\drivers\mbam.sys
    2012-08-31 02:03 . 2012-08-31 02:03193552----a-w-c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 02:03 . 2011-04-27 19:2599272----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-21 17:01 . 2009-09-13 15:00106928----a-w-c:\windows\system32\GEARAspi.dll
    2011-08-12 05:57 . 2011-08-23 15:05134104----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-12 399224]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-03 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
    "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
    "EKAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
    .
    c:\users\Stephen D. Rains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-3 50688]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-12-03 10:2010536----a-w-c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Users^Stephen D. Rains^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^V CAST Media Monitor.lnk]
    backup=c:\windows\pss\V CAST Media Monitor.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-09-07 21:04981656----a-w-c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetworkREG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonationREG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-08 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-03 01:12]
    .
    2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd98f3206bc120.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-18 22:28]
    .
    2011-11-24 c:\windows\Tasks\Launch 31047.job
    - c:\program files\Garmin\VoiceStudio\VoiceStudio.exe [2010-01-04 13:17]
    .
    2011-02-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
    .
    2011-03-23 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
    .
    2010-09-04 c:\windows\Tasks\User_Feed_Synchronization-{34FCC4BA-0FAF-4DB4-A747-C26B218AE2CC}.job
    - c:\windows\system32\msfeedssync.exe [2011-09-08 13:00]
    .
    2011-08-24 c:\windows\Tasks\User_Feed_Synchronization-{5F172649-F19A-448A-A85B-9039BF7A05E2}.job
    - c:\windows\system32\msfeedssync.exe [2011-09-08 13:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    TCP: DhcpNameServer = 10.0.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    FF - ProfilePath - c:\users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\
    FF - prefs.js: browser.search.selectedEngine - Search Results
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/405
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&sr=0&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
    Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    SafeBoot-PskSvcRetail
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-18 22:04
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,52,82,3d,0e,37,bc,41,8f,d3,58,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,52,82,3d,0e,37,bc,41,8f,d3,58,\
    .
    [HKEY_USERS\S-1-5-21-2555096432-530049489-2058458779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2555096432-530049489-2058458779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\GiliSoft\File Lock Pro\FLService.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\GiliSoft\File Lock Pro\FLClient.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    c:\program files\Microsoft Security Client\MpCmdRun.exe
    c:\program files\Microsoft Security Client\MpCmdRun.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-18 22:11:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-19 02:11
    .
    Pre-Run: 52,443,996,160 bytes free
    Post-Run: 52,098,306,048 bytes free
    .
    - - End Of File - - 545F4D02D301E562B863CAB8BD89EEB5
  8. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    I asked...
    Make sure this is done.

    ======================

    Combofix log looks good.

    How is computer doing?

    =========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    Still no internet connection. it says there is but explorer wont pull up. getting those otl files done now. thank you for all your help
  10. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    OTL logfile created on: 10/18/2012 10:55:22 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stephen D. Rains\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.57% Memory free
    4.21 Gb Paging File | 2.73 Gb Available in Paging File | 64.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 99.48 Gb Total Space | 48.58 Gb Free Space | 48.83% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 4.44 Gb Free Space | 45.49% Space Free | Partition Type: NTFS
    Drive F: | 1.90 Gb Total Space | 0.01 Gb Free Space | 0.29% Space Free | Partition Type: FAT
    Drive G: | 15.98 Gb Total Space | 15.97 Gb Free Space | 99.93% Space Free | Partition Type: FAT32
    Drive H: | 697.98 Gb Total Space | 251.24 Gb Free Space | 36.00% Space Free | Partition Type: NTFS
    Drive I: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive J: | 298.09 Gb Total Space | 21.14 Gb Free Space | 7.09% Space Free | Partition Type: NTFS

    Computer Name: BABO-PC | User Name: Stephen D. Rains | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/28 10:47:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen D. Rains\Desktop\OTL.exe
    PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
    PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/06/04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    PRC - [2012/02/12 08:09:09 | 000,399,224 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2011/06/26 22:36:34 | 000,419,328 | ---- | M] () -- C:\Program Files\GiliSoft\File Lock Pro\FLClient.exe
    PRC - [2011/06/09 18:39:14 | 000,086,016 | ---- | M] () -- C:\Program Files\GiliSoft\File Lock Pro\FLService.exe
    PRC - [2009/08/17 11:52:08 | 002,043,904 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    PRC - [2009/08/17 11:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2009/08/17 11:50:32 | 008,919,040 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    PRC - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/06 18:47:50 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2008/09/24 00:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/05/04 05:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/05/04 05:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/05/04 05:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/05/04 05:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/02/22 19:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/13 09:15:22 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\e4ead33e7390326a9814a511c566054b\MenuSkinning.ni.dll
    MOD - [2012/06/13 09:15:11 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
    MOD - [2012/06/13 09:15:02 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\53ff6fb64982a15d164f25e727be6bb4\VistaBridgeLibrary.ni.dll
    MOD - [2012/06/13 09:15:01 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\a2117f9d2b9670193889149f0ec777d5\DellDock.ni.exe
    MOD - [2012/06/13 09:14:59 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\d8dfd448743194309366caa97c215c21\MyDock.Util.ni.dll
    MOD - [2012/06/13 09:14:58 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
    MOD - [2012/06/13 09:14:57 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
    MOD - [2012/06/13 09:12:54 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 09:12:44 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
    MOD - [2012/06/13 08:59:34 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 08:53:19 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
    MOD - [2012/06/13 08:52:56 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
    MOD - [2012/06/13 08:52:37 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
    MOD - [2012/06/13 08:52:23 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
    MOD - [2012/05/15 07:52:22 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
    MOD - [2012/05/15 07:52:21 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
    MOD - [2012/05/15 07:46:22 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
    MOD - [2012/05/15 07:46:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/15 07:45:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
    MOD - [2012/05/15 07:45:47 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
    MOD - [2012/05/15 07:44:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
    MOD - [2012/05/15 07:43:31 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
    MOD - [2012/05/15 07:42:44 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/15 07:42:33 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2012/05/15 04:34:35 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/15 04:30:58 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll
    MOD - [2012/05/15 04:30:45 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
    MOD - [2012/05/15 04:30:34 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
    MOD - [2012/05/15 04:30:14 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
    MOD - [2012/05/15 04:30:06 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/06 22:16:32 | 000,700,416 | ---- | M] () -- C:\Program Files\GiliSoft\File Lock Pro\KernalUI.dll
    MOD - [2011/06/01 15:57:08 | 000,053,248 | ---- | M] () -- C:\Program Files\GiliSoft\File Lock Pro\FolderLockPlugin.dll
    MOD - [2009/08/17 11:26:24 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
    MOD - [2009/07/29 17:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
    MOD - [2009/03/30 00:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (TuneUp.UtilitiesSvc)
    SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
    SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/12/19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
    SRV - [2011/07/20 04:35:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2011/07/07 15:07:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/06/09 18:39:14 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\GiliSoft\File Lock Pro\FLService.exe -- (FLService)
    SRV - [2009/08/17 11:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2008/12/03 06:20:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (USBModem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (UsbDiag)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (usbbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TuneUpUtilitiesDrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\networx.sys -- (networx)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/08/04 21:17:24 | 000,035,328 | ---- | M] (Gili Soft Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\FileLock.sys -- (FileLock)
    DRV - [2010/11/17 20:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
    DRV - [2009/12/30 12:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/09/30 21:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2009/04/11 00:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2009/01/15 10:15:26 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2008/06/26 11:25:28 | 000,197,888 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\neti1634.sys -- (NETIMFLT01060034)
    DRV - [2008/06/23 08:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/05/04 05:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/03/06 03:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2007/11/12 07:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/06 12:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/06 12:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/06 12:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
    IE - HKLM\..\SearchScopes\{41396b1b-447e-473b-a34b-bb583136c7fc}: "URL" = http://search.mywebsearch.com/myweb...8570&st=sb&n=77deabf0&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DMUS
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=405&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1066435


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=778E16D9-4C7D-4068-BE93-C24ABF3F7BED
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes\{2038FF9C-F580-4E43-9100-751C41A89DF8}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes\{21ED8F41-7CEF-4503-8F7A-33B918FC8400}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=MS8TDF&pc=MS8TDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes\{41396b1b-447e-473b-a34b-bb583136c7fc}: "URL" = http://search.mywebsearch.com/myweb...8570&st=sb&n=77deabf0&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes\{4C5B6047-21C3-4B97-AB8C-7E7FA8E19F69}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes\{4D9C0429-BC7E-41B5-8162-1B30F5D873A2}: "URL" = http://2song.net/search?q={searchTerms}
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7DMUS_en
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=405&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1066435
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\..\SearchScopes\{C2994D1E-8E88-4995-B1D8-04CD16813AFA}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/405"
    FF - prefs.js..extensions.enabledAddons: firefox@facebook.com:1.8.2
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&sr=0&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stephen D. Rains\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/26 09:42:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/08 21:29:46 | 000,000,000 | ---D | M]

    [2012/09/22 14:37:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Extensions
    [2009/01/31 22:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2012/09/22 14:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\extensions
    [2012/05/31 13:55:18 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
    [2012/07/09 22:05:22 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
    [2012/07/09 21:08:40 | 000,319,802 | ---- | M] () (No name found) -- C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\extensions\firefox@facebook.com.xpi
    [2012/07/03 21:14:54 | 000,002,299 | ---- | M] () -- C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\searchplugins\askcom.xml
    [2012/09/22 14:28:35 | 000,002,515 | ---- | M] () -- C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\searchplugins\Search_Results.xml
    [2012/09/22 14:37:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/22 11:15:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/08/09 14:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/08/17 11:21:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\SAVEVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
    [2009/06/25 03:01:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/08/12 01:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/09/14 08:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
    [2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/22 14:28:35 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

    O1 HOSTS File: ([2012/10/18 22:03:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (FLockObj Class) - {97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} - C:\Program Files\GiliSoft\File Lock Pro\FolderLockPlugin.dll ()
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-2555096432-530049489-2058458779-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Stephen D. Rains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    O7 - HKU\S-1-5-21-2555096432-530049489-2058458779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.7.2)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{542293BC-CD09-473B-A7AF-22B90951B04D}: DhcpNameServer = 10.0.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Stephen D. Rains\Pictures\Wallpaper\boondock.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Stephen D. Rains\Pictures\Wallpaper\boondock.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/18 22:35:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stephen D. Rains\Desktop\OTL.exe
    [2012/10/18 22:03:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/10/18 21:58:23 | 000,000,000 | ---D | C] -- C:\Users\Stephen D. Rains\AppData\Local\temp
    [2012/10/18 21:58:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/18 21:43:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/18 21:43:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/18 21:43:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/18 21:43:07 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/10/18 21:43:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/18 21:42:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/18 21:33:03 | 004,984,103 | R--- | C] (Swearware) -- C:\Users\Stephen D. Rains\Desktop\ComboFix.exe
    [2012/10/15 21:14:49 | 000,000,000 | ---D | C] -- C:\Users\Stephen D. Rains\{5ba16cdb-c405-4d72-bcdc-1174ab014368}
    [2012/10/14 15:17:39 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/10 15:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/10/10 15:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/10/10 15:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/09/22 14:47:20 | 000,000,000 | ---D | C] -- C:\Users\Stephen D. Rains\AppData\Local\Ilivid Player
    [2012/09/22 14:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2011/07/01 13:09:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Stephen D. Rains\AppData\Roaming\pcouffin.sys
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/18 22:50:12 | 000,606,136 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/10/18 22:50:12 | 000,105,044 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/10/18 22:43:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/18 22:43:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/18 22:43:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/18 22:35:16 | 000,000,000 | ---- | M] () -- C:\Windows\FileLock.bin
    [2012/10/18 22:03:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/10/18 07:20:38 | 004,984,103 | R--- | M] (Swearware) -- C:\Users\Stephen D. Rains\Desktop\ComboFix.exe
    [2012/10/17 09:25:19 | 000,199,680 | ---- | M] () -- C:\Users\Stephen D. Rains\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/10/15 21:12:25 | 000,022,729 | ---- | M] () -- C:\newkey
    [2012/10/15 21:12:25 | 000,022,729 | ---- | M] () -- C:\newfile.enc
    [2012/10/14 14:51:10 | 000,455,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/10/08 21:49:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/28 10:47:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen D. Rains\Desktop\OTL.exe
    [2012/09/22 14:50:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd98f3206bc120.job
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/18 21:43:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/18 21:43:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/18 21:43:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/18 21:43:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/18 21:43:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/15 21:12:25 | 000,022,729 | ---- | C] () -- C:\newkey
    [2012/10/15 21:12:25 | 000,022,729 | ---- | C] () -- C:\newfile.enc
    [2012/10/15 20:36:32 | 000,773,882 | ---- | C] () -- C:\Windows\System32\oem7.inf
    [2012/09/22 14:50:25 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd98f3206bc120.job
    [2012/06/23 13:23:49 | 000,000,218 | ---- | C] () -- C:\Users\Stephen D. Rains\.recently-used.xbel
    [2011/12/09 19:52:00 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
    [2011/09/30 07:41:19 | 000,000,000 | ---- | C] () -- C:\Users\Stephen D. Rains\AppData\Local\{B7D38FCC-F155-40E3-8B6C-0E82865BEC06}
    [2011/08/10 11:24:21 | 000,000,746 | ---- | C] () -- C:\Users\Stephen D. Rains\AppData\Roaming\AtomicAlarmClock.ini
    [2011/08/10 10:41:36 | 000,000,759 | ---- | C] () -- C:\Users\Stephen D. Rains\AppData\Roaming\ClockTraySkins.ini
    [2011/08/05 14:35:30 | 000,001,056 | ---- | C] () -- C:\Windows\System32\EKaio2WiaCoInst.ini
    [2011/08/04 21:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\FileLock.bin
    [2011/07/01 13:09:29 | 000,007,887 | ---- | C] () -- C:\Users\Stephen D. Rains\AppData\Roaming\pcouffin.cat
    [2011/07/01 13:09:29 | 000,001,144 | ---- | C] () -- C:\Users\Stephen D. Rains\AppData\Roaming\pcouffin.inf
    [2010/12/09 09:46:26 | 000,000,384 | ---- | C] () -- C:\Users\Stephen D. Rains\Documents - Shortcut.lnk
    [2010/11/16 15:54:20 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2010/09/10 07:51:38 | 000,000,990 | -HS- | C] () -- C:\Users\Stephen D. Rains\AppData\Roaming\systemfl.$dk
    [2009/06/24 18:35:10 | 000,008,248 | ---- | C] () -- C:\Users\Stephen D. Rains\AppData\Local\en.ini
    [2009/03/03 16:04:44 | 000,001,122 | ---- | C] () -- C:\Users\Stephen D. Rains\AppData\Roaming\wklnhst.dat
    [2009/02/16 23:18:07 | 000,005,972 | ---- | C] () -- C:\Users\Stephen D. Rains\AppData\Local\d3d9caps.dat
    [2009/01/31 01:39:50 | 000,199,680 | ---- | C] () -- C:\Users\Stephen D. Rains\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2009/02/20 10:12:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\LimeWire
    [2012/07/14 08:36:10 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Western Digital
    [2011/08/10 11:59:18 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Active Alarm Clock
    [2012/05/15 10:11:38 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Audacity
    [2011/12/07 00:00:24 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\avidemux
    [2011/06/06 12:55:05 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/02/07 05:45:51 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\deluge
    [2010/12/07 12:19:15 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Digiarty
    [2010/09/07 11:58:36 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\DriverFinder
    [2009/07/14 07:19:45 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\F-Secure
    [2011/09/23 13:01:35 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\FaceOffMax
    [2012/08/06 08:44:42 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\FixCleaner
    [2011/08/03 13:21:11 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\FreeAudioPack
    [2011/08/04 16:37:17 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\FreeCDRipper
    [2011/03/29 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\FrostWire
    [2011/11/24 10:27:34 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Garmin
    [2012/07/05 13:04:05 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\GetRightToGo
    [2011/08/05 07:28:48 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Gili File Lock
    [2012/06/23 13:16:22 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\griffith
    [2012/02/13 08:57:10 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\gtk-2.0
    [2011/02/20 09:42:25 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\HandBrake
    [2011/08/09 13:33:45 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\HotMP3Downloader
    [2011/08/10 16:17:40 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\IObit
    [2010/11/16 16:41:04 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\LimeWireTurbo
    [2011/09/08 08:42:51 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\MP3Rocket
    [2011/03/10 05:13:59 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\MusicNet
    [2011/10/22 11:43:58 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\OpenOffice.org
    [2009/03/13 08:55:15 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Panda Security
    [2010/12/17 07:30:59 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\PCDr
    [2010/12/09 08:26:15 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\RegistryOptimizerFree
    [2010/07/05 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Smith Micro
    [2011/08/02 09:52:07 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Temp
    [2009/03/03 16:04:45 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Template
    [2011/07/07 13:00:24 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\TuneUp Software
    [2011/08/09 13:36:28 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\URSoft
    [2012/10/18 22:54:44 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\uTorrent
    [2011/01/26 18:39:28 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Video DVD Maker FREE
    [2012/08/09 17:18:05 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Vso
    [2011/11/30 14:47:52 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Western Digital
    [2012/06/27 09:37:10 | 000,000,000 | ---D | M] -- C:\Users\Stephen D. Rains\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:CB0AACC9
    @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:1CE11B51

    < End of report >
  11. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    OTL Extras logfile created on: 10/18/2012 10:55:22 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stephen D. Rains\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.57% Memory free
    4.21 Gb Paging File | 2.73 Gb Available in Paging File | 64.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 99.48 Gb Total Space | 48.58 Gb Free Space | 48.83% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 4.44 Gb Free Space | 45.49% Space Free | Partition Type: NTFS
    Drive F: | 1.90 Gb Total Space | 0.01 Gb Free Space | 0.29% Space Free | Partition Type: FAT
    Drive G: | 15.98 Gb Total Space | 15.97 Gb Free Space | 99.93% Space Free | Partition Type: FAT32
    Drive H: | 697.98 Gb Total Space | 251.24 Gb Free Space | 36.00% Space Free | Partition Type: NTFS
    Drive I: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive J: | 298.09 Gb Total Space | 21.14 Gb Free Space | 7.09% Space Free | Partition Type: NTFS

    Computer Name: BABO-PC | User Name: Stephen D. Rains | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{12E182DA-029E-4723-A605-D2F2A367CE25}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{EB278B62-B1F8-4C42-ADE0-1127A92FDBBC}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D555D04-78C9-41F7-A1ED-4EC837140FCD}" = Panda Internet Security 2009
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{12EA0FCE-663F-45B1-9D35-3715F2B125C8}" = MyxerMagic Web Extensions
    "{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{30AB2FCD-FBF2-4bed-AC6A-13E6A1468621}_is1" = GiliSoft File Lock Pro 5.0
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{56BA241F-580C-43D2-8403-947241AAE633}" = center
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB4EDC19-3B5E-4838-80E7-92454323B0FE}" = Garmin VoiceStudio v2.10
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
    "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
    "{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
    "{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "AC3Filter_is1" = AC3Filter 1.62b
    "Active Alarm Clock_is1" = Active Alarm Clock 3.6
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Avidemux 2.5" = Avidemux 2.5 (32-bit)
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Dell Support Center" = Dell Support Center
    "FaceOffMax" = Face Off Max
    "Fly on Desktop_is1" = Fly on Desktop 1.3
    "Google Updater" = Google Updater
    "GoToAssist" = GoToAssist 8.0.0.514
    "Griffith_is1" = Griffith 0.12.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
    "MVApplication1" = Memorex exPressit Label Design Studio
    "Paper Jamz Pro" = Paper Jamz Pro 1.8.0
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.7
    "WAV MP3 Converter 4.2 Build 1259" = WAV MP3 Converter 4.2 Build 1259
    "WinLiveSuite" = Windows Live Essentials
    "WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2555096432-530049489-2058458779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/18/2012 10:07:15 PM | Computer Name = BaBo-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
    Description =

    Error - 10/18/2012 10:12:36 PM | Computer Name = BaBo-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/18/2012 10:12:40 PM | Computer Name = BaBo-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/18/2012 10:12:40 PM | Computer Name = BaBo-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/18/2012 10:12:40 PM | Computer Name = BaBo-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/18/2012 10:12:54 PM | Computer Name = BaBo-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/18/2012 10:43:07 PM | Computer Name = BaBo-PC | Source = Application Error | ID = 1000
    Description = Faulting application EKAiOHostService.exe, version 7.3.7.1, time stamp
    0x4ebea8ef, faulting module EKAiOHostService.exe, version 7.3.7.1, time stamp 0x4ebea8ef,
    exception code 0xc0000005, fault offset 0x0000fbd4, process id 0x1e4, application
    start time 0x01cdada3784690fd.

    Error - 10/18/2012 10:43:23 PM | Computer Name = BaBo-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
    Description =

    Error - 10/18/2012 10:44:41 PM | Computer Name = BaBo-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
    Description =

    Error - 10/18/2012 10:45:50 PM | Computer Name = BaBo-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 12/18/2011 5:50:04 PM | Computer Name = BaBo-PC | Source = WLAN-Tray | ID = 0
    Description = 16:50:03, Sun, Dec 18, 11 Error - Unable to gain access to user store

    Error - 3/14/2012 7:07:36 AM | Computer Name = BaBo-PC | Source = WLAN-Tray | ID = 0
    Description = 07:07:36, Wed, Mar 14, 12 Error - Unable to gain access to user store

    Error - 3/31/2012 7:54:38 AM | Computer Name = BaBo-PC | Source = WLAN-Tray | ID = 0
    Description = 07:54:38, Sat, Mar 31, 12 Error - Unable to gain access to user store

    Error - 5/7/2012 2:45:48 PM | Computer Name = BaBo-PC | Source = WLAN-Tray | ID = 0
    Description = 14:45:48, Mon, May 07, 12 Error - Unable to gain access to user store

    Error - 7/17/2012 8:05:01 PM | Computer Name = BaBo-PC | Source = WLAN-Tray | ID = 0
    Description = 20:05:01, Tue, Jul 17, 12 Error - Unable to gain access to user store

    Error - 10/6/2012 5:44:54 PM | Computer Name = BaBo-PC | Source = WLAN-Tray | ID = 0
    Description = 17:44:54, Sat, Oct 06, 12 Error - Unable to gain access to user store

    Error - 10/8/2012 9:21:40 PM | Computer Name = BaBo-PC | Source = WLAN-Tray | ID = 0
    Description = 21:21:40, Mon, Oct 08, 12 Error - Unable to gain access to user store

    [ System Events ]
    Error - 10/18/2012 10:43:42 PM | Computer Name = BaBo-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 10/18/2012 10:43:42 PM | Computer Name = BaBo-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/18/2012 10:43:42 PM | Computer Name = BaBo-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/18/2012 10:43:42 PM | Computer Name = BaBo-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/18/2012 10:43:42 PM | Computer Name = BaBo-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 10/18/2012 10:43:42 PM | Computer Name = BaBo-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 10/18/2012 10:44:41 PM | Computer Name = BaBo-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 10/18/2012 10:45:50 PM | Computer Name = BaBo-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 10/18/2012 10:46:15 PM | Computer Name = BaBo-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2012 10:55:43 PM | Computer Name = BaBo-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.137.1746.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    You didn't say:
    [​IMG]

    ===============================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (TuneUp.UtilitiesSvc)
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      [2012/07/03 21:14:54 | 000,002,299 | ---- | M] () -- C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\searchplugins\askcom.xml
      O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
      [2012/10/14 15:17:39 | 000,000,000 | ---D | C] -- C:\FRST
      [2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      @Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:CB0AACC9
      @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:1CE11B51
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  13. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    Did answer about computer in #34. working on above now.
  14. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    All processes killed
    ========== OTL ==========
    Service TuneUp.UtilitiesSvc stopped successfully!
    Service TuneUp.UtilitiesSvc deleted successfully!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\searchplugins\askcom.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
    ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 85357306 bytes
    ->Flash cache emptied: 10626 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Stephen D. Rains
    ->Temp folder emptied: 49228 bytes
    ->Temporary Internet Files folder emptied: 1652064 bytes
    ->Java cache emptied: 464488 bytes
    ->FireFox cache emptied: 53997591 bytes
    ->Flash cache emptied: 523 bytes

    User: STEPHE~1RAI
    ->Temp folder emptied: 0 bytes

    User: STEPHE~1~RAI
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 7586 bytes
    %systemroot%\System32 .tmp files removed: 2007 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 13357 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 5736713 bytes

    Total Files Cleaned = 140.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Public

    User: Stephen D. Rains
    ->Java cache emptied: 0 bytes

    User: STEPHE~1RAI

    User: STEPHE~1~RAI

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Stephen D. Rains
    ->Flash cache emptied: 0 bytes

    User: STEPHE~1RAI

    User: STEPHE~1~RAI

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10192012_113456
    Files\Folders moved on Reboot...
    File\Folder C:\Users\Stephen D. Rains\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS0000.tmp not found!
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  15. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    Results of screen317's Security Check version 0.99.51
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    CCleaner
    JavaFX 2.1.1
    Java(TM) 6 Update 22
    Java(TM) 6 Update 26
    Java 7 Update 7
    Java(TM) 6 Update 7
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player10.3.183.7 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 6.0 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 17 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  16. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    Farbar Service Scanner Version: 19-10-2012
    Ran by Stephen D. Rains (administrator) on 19-10-2012 at 11:53:44
    Running from "G:\"
    MicrosoftÆ Windows Vistaô Home Basic Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    LAN connected.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-10-10 02:28] - [2012-06-01 20:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    **** End of log ****
  17. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    # AdwCleaner v2.005 - Logfile created 10/19/2012 at 11:56:07
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # User : Stephen D. Rains - BABO-PC
    # Boot Mode : Normal
    # Running from : G:\adwcleaner.exe
    # Option [Delete]
    ***** [Services] *****
    ***** [Files / Folders] *****
    File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
    File Deleted : C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\searchplugins\Search_Results.xml
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\Stephen D. Rains\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Stephen D. Rains\AppData\Local\OpenCandy
    Folder Deleted : C:\Users\Stephen D. Rains\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Stephen D. Rains\AppData\LocalLow\MyWebSearch
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1066435
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v6.0 (en-US)
    Profile name : default
    File : C:\Users\Stephen D. Rains\AppData\Roaming\Mozilla\Firefox\Profiles\fkndfmis.default\prefs.js
    Deleted : user_pref("browser.search.defaultenginename", "Search Results");
    Deleted : user_pref("browser.search.order.1", "Search Results");
    Deleted : user_pref("browser.search.selectedEngine", "Search Results");
    Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/405");
    Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&sr=0&q=");
    *************************
    AdwCleaner[S1].txt - [2654 octets] - [19/10/2012 11:56:07]
    ########## EOF - C:\AdwCleaner[S1].txt - [2714 octets] ##########
  18. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    I ran everything but the Online Scanner. Still no wifi connection. My ethernet cable got damaged also (italian greyhound puppy)........my computer is running better it seems, just the internet connection.
     
  19. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
    Post new FSS log.
  20. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    Farbar Service Scanner Version: 19-10-2012
    Ran by Stephen D. Rains (administrator) on 19-10-2012 at 20:41:37
    Running from "G:\Tech Fixes"
    MicrosoftÆ Windows Vistaô Home Basic Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    LAN connected.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-10-10 02:28] - [2012-06-01 20:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  21. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Did the commands execute successfully?
  22. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    It said the both did.
  23. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      cryptsvc.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  24. BaBoRains

    BaBoRains Newcomer, in training Topic Starter Posts: 36

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:51 on 20/10/2012 by Stephen D. Rains
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "cryptsvc.dll"
    C:\Windows\erdnt\cache\cryptsvc.dll--a---- 133120 bytes[02:09 19/10/2012][00:02 02/06/2012] F1E8C34892336D33EDDCDFE44E474F64
    C:\Windows\System32\cryptsvc.dll--a---- 133120 bytes[06:28 10/10/2012][00:02 02/06/2012] F1E8C34892336D33EDDCDFE44E474F64
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll--a---- 128000 bytes[02:34 21/01/2008][02:34 21/01/2008] 6DE363F9F99334514C46AEC02D3E3678
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll--a---- 129024 bytes[17:32 12/09/2009][06:28 11/04/2009] FB27772BEAF8E1D28CCD825C09DA939B
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18618_none_77e34ec697f67015\cryptsvc.dll--a---- 133120 bytes[10:21 13/06/2012][16:00 23/04/2012] 75C6A297E364014840B48ECCD7525E30
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18643_none_77bddd9098134535\cryptsvc.dll--a---- 133120 bytes[06:28 10/10/2012][00:02 02/06/2012] F1E8C34892336D33EDDCDFE44E474F64
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22840_none_78447b63b1339621\cryptsvc.dll--a---- 135168 bytes[10:21 13/06/2012][14:48 23/04/2012] C979AEA8C4D8F875CD25507D08980006
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22869_none_7837de25b13bb212\cryptsvc.dll--a---- 135168 bytes[06:28 10/10/2012][11:09 02/06/2012] DD9CCF40ED80DD0D62F1B607A1EA4449
    -= EOF =-
  25. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [​IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [​IMG]


    Go to Start Repairs tab and click Start button.

    [​IMG]


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.