White Screen Problem in Windows Vista 32 bit [Closed]


#1 MadhurKul (New Member, 2 posts)
Hi,
I have exactly the same problem (white screen) as described in http://www.geekstogo...-windows-vista/. As per your first solution, I have run FRST.exe on the infected PC (running Windows Vista 32-bit). I got this problem around March, after which I didn't get time to repair the PC. It would be great if you could help me out in solving this problem. I have generated the FRST.txt as well as Search.txt files as mentioned in the post. Here are the results:


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on MINWINPC on 06-10-2013 19:20:39
Running from F:\
Windows Vista (TM) Business Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Yahoo Messenger] - [x]
HKU\Administrator\...\Winlogon: [Shell] explorer.exe,C:\Users\Administrator\AppData\Roaming\skype.dat [ 2011-11-18] (Software            ) <==== ATTENTION 
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-02-20] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-02-20] (Hewlett-Packard)
AppInit_DLLs:   avgrsstx.dll [ 2009-02-20] ()

========================== Services (Whitelisted) =================

S4 accoca; C:\Program Files\ActivIdentity\ActivClient\accoca.exe [185896 2007-11-27] (ActivIdentity)
S4 Asset Management Daemon; C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe [114688 2007-06-29] ()
S4 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1185016 2008-10-03] (AuthenTec, Inc.)
S4 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-02-24] (Symantec Corporation)
S4 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-02-24] (Symantec Corporation)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [73728 2007-06-29] ()
S4 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093872 2007-08-11] (Symantec Corporation)
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-04-07] (PDF Complete Inc)
S4 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1795400 2009-02-24] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [320840 2009-02-24] (Symantec Corporation)
S4 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2440120 2009-02-24] (Symantec Corporation)
S4 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2054680 2008-07-19] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23904 2009-02-24] (Symantec Corporation)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [171104 2008-10-27] (Intel Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-03-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-03-13] (Symantec Corporation)
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [12800 2008-11-09] (Marvell Semiconductor, Inc.)
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [13824 2008-11-09] (Marvell Semiconductor, Inc.)
S3 NAVENG; C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130407.007\NAVENG.SYS [93296 2013-03-13] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130407.007\NAVEX15.SYS [1603824 2013-03-13] (Symantec Corporation)
S3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [15920 2006-11-16] (Portrait Displays, Inc.)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [420400 2009-02-24] (Symantec Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-07-06] (Duplex Secure Ltd.)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279600 2009-02-24] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [319664 2009-02-24] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43824 2009-02-24] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2009-07-08] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27696 2009-02-24] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191536 2009-02-24] (Symantec Corporation)
S4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [92488 2009-02-24] (Symantec Corporation)
S3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [49536 2009-02-24] (Symantec Corporation)
S1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [42312 2009-02-24] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
S3 ZSMC211; C:\Windows\System32\Drivers\ZS211.sys [391836 2006-08-07] (ZSMC Corporation)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 RimUsb; System32\Drivers\RimUsb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 19:20 - 2013-10-06 19:20 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-10-06 19:20 - 2013-10-06 19:20 - 00000000 ____D C:\FRST
2013-10-06 05:40 - 2009-12-15 07:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Juniper Networks
2013-10-06 05:39 - 2010-12-07 10:54 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 7
2013-10-06 05:39 - 2010-01-24 11:15 - 00000000 ____D C:\Program Files\Yahoo!
2013-10-06 05:00 - 2013-03-27 06:24 - 00000004 _____ C:\Users\Administrator\AppData\Roaming\skype.ini
2013-10-06 05:00 - 2006-11-02 04:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 05:00 - 2006-11-02 04:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 04:13 - 2011-12-05 07:59 - 00000000 ____D C:\Windows\pss
2013-10-06 01:08 - 2009-08-14 22:43 - 00259262 _____ C:\Windows\System32\DTSSL.log
2013-10-06 00:25 - 2010-06-08 00:00 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-06 00:25 - 2009-07-08 22:04 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-06 00:25 - 2009-07-08 21:49 - 00000000 ____D C:\users\Administrator
2013-10-06 00:25 - 2006-11-02 03:18 - 00000000 __RSD C:\Windows\Media
2013-10-06 00:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-10-06 00:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-10-06 00:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-10-06 00:25 - 2006-11-02 02:22 - 39321600 _____ C:\Windows\System32\config\software_previous
2013-10-06 00:25 - 2006-11-02 02:22 - 34340864 _____ C:\Windows\System32\config\components_previous
2013-10-06 00:25 - 2006-11-02 02:22 - 28573696 _____ C:\Windows\System32\config\system_previous
2013-10-06 00:25 - 2006-11-02 02:22 - 00786432 _____ C:\Windows\System32\config\default_previous
2013-10-06 00:25 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\security_previous
2013-10-06 00:25 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\sam_previous

Files to move or delete:
====================
C:\Users\Administrator\AppData\Roaming\skype.dat
C:\Users\Administrator\AppData\Roaming\skype.ini


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

8
Restore point made on: 2013-03-09 05:30:26
Restore point made on: 2013-03-11 05:04:18
Restore point made on: 2013-03-26 07:28:33
Restore point made on: 2013-03-26 07:29:02
Restore point made on: 2013-03-26 13:30:30
Restore point made on: 2013-04-06 01:29:16
Restore point made on: 2013-05-04 08:48:58
Restore point made on: 2013-08-18 00:50:19

==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 1992.5 MB
Available physical RAM: 1561.72 MB
Total Pagefile: 1754.42 MB
Available Pagefile: 1618.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:147.09 GB) (Free:27.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (OS_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.73 GB) NTFS
Drive f: (RICZ) (Removable) (Total:3.73 GB) (Free:2.71 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 450A9A59)
Partition 1: (Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-10-06 05:20

==================== End Of Log ============================




Search.txt

Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by SYSTEM at 2013-10-06 19:22:06
Running from F:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-14 19:19] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:25] - [2008-01-20 18:25] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-12-14 19:19] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, download the attached fixlist.txt to the same location as FRST.
[attachment=66875:fixlist.txt]
Run FRST as before and press Fix
On completion a log will be saved, please post that

THEN

Boot to normal mode

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

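The FRST finding in post #1 and the fixlist in post #2 come down to one check: the Winlogon Shell value under the Administrator hive starts explorer.exe and then a second file, skype.dat, which is the file the fix removed, after which the white screen went away. The script below is an added example, not code from this thread or from FRST itself. It parses the "Registry (Whitelisted)" lines of an FRST log, flags any Shell or Userinit value that carries more than its default, and drafts the two kinds of fixlist line the fix used (the log line itself, which FRST treats as "delete this value", and each payload path, which FRST moves to its quarantine). The default values, the regexes, and the two sample lines marked constructed are my assumptions; the other sample lines are quoted from the FRST.txt above.

```python
"""Flag Winlogon Shell/Userinit hijacks in an FRST log and draft fixlist lines.

Added example for this thread; it is not part of FRST and not code from the
original posts. The default values, the regexes and the fixlist layout are
assumptions drawn from the log format shown in the thread.
"""
import re

# Comma-separated parts each value carries on a clean 32-bit Vista install
# (assumed defaults; compare against a known-good machine of the same build).
DEFAULT_PARTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# First four lines are quoted from the FRST.txt posted above. The last two
# are constructed: a clean HKLM Shell entry and a Userinit chain, to show
# that only non-default values are reported.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Yahoo Messenger] - [x]
HKU\Administrator\...\Winlogon: [Shell] explorer.exe,C:\Users\Administrator\AppData\Roaming\skype.dat [ 2011-11-18] (Software            ) <==== ATTENTION
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs:   avgrsstx.dll [ 2009-02-20] ()
HKLM\...\Winlogon: [Shell] explorer.exe
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\ProgramData\lock.exe [ 2013-03-27] ()
"""

# "HKLM\...\Winlogon: [Shell] value ..." or "HKU\<hive>\...\Winlogon: [Userinit] value ..."
WINLOGON_RE = re.compile(
    r"^(?P<key>HK(?:LM|U\\[^\\]+))\\\.\.\.\\Winlogon: \[(?P<name>Shell|Userinit)\] (?P<rest>.*)$",
    re.IGNORECASE,
)
# FRST appends " [ yyyy-mm-dd] (vendor) <==== ATTENTION" after the value;
# the value is everything before that date bracket.
TRAILER_RE = re.compile(r" \[ \d{4}-\d{2}-\d{2}\].*$")


def parse_winlogon(line):
    """Return (key, name, value) for a Winlogon Shell/Userinit log line, else None."""
    m = WINLOGON_RE.match(line.rstrip())
    if not m:
        return None
    value = TRAILER_RE.sub("", m.group("rest")).strip()
    return m.group("key"), m.group("name"), value


def find_hijacks(log_text):
    """Return one dict per Winlogon value that differs from its default."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_winlogon(line)
        if parsed is None:
            continue
        key, name, value = parsed
        parts = [p.strip() for p in value.split(",") if p.strip()]
        expected = DEFAULT_PARTS[name.lower()]
        lowered = {p.lower() for p in parts}
        extra = [p for p in parts if p.lower() not in expected]   # payloads chained onto logon
        if not extra and lowered == expected:
            continue  # exactly the default: nothing to do
        findings.append({
            "key": key,
            "name": name,
            "value": value,
            "extra": extra,
            # False means the default was replaced outright, not merely extended
            "default_present": bool(lowered & expected),
            "log_line": line.rstrip(),
        })
    return findings


def build_fixlist(findings):
    """Draft FRST fixlist.txt lines: the log line makes FRST delete the registry
    value, each payload path makes it move that file to quarantine (the same two
    actions the Fixlog in post #3 reports)."""
    lines = []
    for f in findings:
        lines.append(f["log_line"])
        lines.extend(f["extra"])
    return lines


if __name__ == "__main__":
    hits = find_hijacks(SAMPLE_LOG)
    for h in hits:
        print(f"{h['key']} {h['name']}: extra={h['extra']} default_present={h['default_present']}")
    print("\n".join(build_fixlist(hits)))
```

Run against the thread's own log line this reports one Shell hijack under HKU\Administrator with skype.dat as the chained payload, and the drafted fixlist matches the two registry and file lines Essexboy's fixlist contained (skype.ini was picked up separately by FRST's "Files to move or delete" section and would need to be added by hand). A value whose default part is missing altogether (default_present False) means the shell was replaced rather than extended, which is worth treating as a stronger signal.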

#3 MadhurKul (Topic Starter, New Member, 2 posts)
Hi,
A BIG thanks for the help. After fixing through FRST and rebooting in normal mode, the white screen problem has disappeared. I have run the procedure as mentioned by you. Please find below the logs as requested:

Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by SYSTEM at 2013-10-07 21:06:41 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Administrator\...\Winlogon: [Shell] explorer.exe,C:\Users\Administrator\AppData\Roaming\skype.dat [ 2011-11-18] (Software            ) <==== ATTENTION  
C:\Users\Administrator\AppData\Roaming\skype.dat 
C:\Users\Administrator\AppData\Roaming\skype.ini 

*****************

HKU\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Administrator\AppData\Roaming\skype.dat  => Moved successfully.
C:\Users\Administrator\AppData\Roaming\skype.ini  => Moved successfully.

==== End of Fixlog ====

OTL.txt
OTL logfile created on: 10/7/2013 9:23:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.95 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 36.10% Memory free
4.13 Gb Paging File | 2.79 Gb Available in Paging File | 67.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.09 Gb Total Space | 25.82 Gb Free Space | 17.55% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.73 Gb Free Space | 88.52% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 2.71 Gb Free Space | 72.68% Space Free | Partition Type: FAT32
 
Computer Name: 30DIT2297 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/10/07 21:10:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013/03/22 04:20:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/07/18 23:39:55 | 000,774,144 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Imation\IFM\Imation Flash Detect.exe
PRC - [2009/04/11 11:58:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/24 17:23:34 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/02/24 17:23:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/02/24 17:23:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/02/24 17:23:32 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/02/24 17:23:30 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/10/04 02:03:12 | 001,185,016 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/07/19 16:10:58 | 002,054,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/07/19 16:10:54 | 000,773,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2008/07/19 16:10:52 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/05/20 12:35:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/11/28 06:12:14 | 000,185,896 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/11/28 06:12:12 | 000,093,736 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/11/28 06:10:42 | 000,298,536 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2007/06/29 15:29:06 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2007/06/29 15:28:38 | 000,277,504 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP Display Assistant\dthtml.exe
PRC - [2007/06/29 15:26:48 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/06/29 15:26:06 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2006/08/19 11:37:06 | 000,049,152 | ---- | M] (ZSMCSNAP) -- C:\Windows\ZSSnp211.exe
PRC - [2006/08/18 16:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
PRC - [2004/08/24 15:01:12 | 000,065,536 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\HPLiteSaver.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/23 18:01:48 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\144416ed8c3871a6de69bbe4e55f683c\System.Windows.Forms.ni.dll
MOD - [2013/03/22 04:20:33 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll
MOD - [2013/03/22 04:20:31 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013/03/22 04:19:38 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2013/01/29 19:38:08 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a2e286078c685f989cd10b035386a553\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/01/29 19:37:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\839ff0054a7ab6c371325f122cec0d40\System.Configuration.ni.dll
MOD - [2013/01/29 19:37:21 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ad47238ee215a5002bf9f48b02bc9bdf\System.Xml.ni.dll
MOD - [2013/01/29 19:36:51 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b8f3bbfe1da60b9c75346378e7faeafd\System.Drawing.ni.dll
MOD - [2013/01/29 19:35:38 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3eddfe61bb0d8cbd0d8c186eb9e69156\System.ni.dll
MOD - [2013/01/29 19:35:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\854ec00bdcd23f1d36fb8405aa248b8d\mscorlib.ni.dll
MOD - [2010/07/18 23:39:55 | 000,774,144 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Imation\IFM\Imation Flash Detect.exe
MOD - [2009/10/15 18:56:24 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2008/02/07 10:05:18 | 000,163,840 | ---- | M] () -- C:\Windows\System32\hppatusg01.dll
MOD - [2007/11/28 06:11:06 | 000,114,688 | ---- | M] () -- C:\Windows\System32\aicext.dll
MOD - [2007/11/02 14:52:40 | 000,057,344 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
MOD - [2007/11/02 14:52:38 | 000,114,688 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPToolkit.dll
MOD - [2007/11/02 14:52:38 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\Enumeration.dll
MOD - [2007/11/02 14:52:22 | 000,065,536 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPTools.dll
MOD - [2007/11/02 14:52:16 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPStreamsInterface.dll
MOD - [2007/06/29 15:26:54 | 000,167,936 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2007/06/29 15:26:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2007/06/29 15:26:02 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2007/06/12 11:25:48 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Drivers\vista.dll
MOD - [2006/08/18 16:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012/07/04 12:40:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/24 17:23:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/02/24 17:23:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/02/24 17:23:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/02/24 17:23:32 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/02/24 17:23:30 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/10/04 02:03:12 | 001,185,016 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/07/19 16:10:58 | 002,054,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2008/07/19 16:10:52 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2008/05/20 12:35:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2008/04/07 19:40:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/01/21 07:53:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 06:12:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/06/29 15:29:06 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2007/06/29 15:26:48 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a94ng9o6)
DRV - [2013/03/14 12:41:26 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130407.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/03/14 12:41:26 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/03/14 12:41:26 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/14 12:41:26 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130407.007\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/30 18:03:24 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2012/07/07 00:36:53 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/07/09 11:35:26 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/24 17:23:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/02/24 17:23:34 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/02/24 17:23:34 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/02/24 17:23:34 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/02/24 17:23:34 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/02/24 17:23:34 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/02/24 17:23:28 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009/02/24 17:23:28 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/02/24 17:23:26 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/24 17:23:24 | 000,023,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/11/10 05:08:08 | 000,013,824 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HP1319FAX.sys -- (HP1319FAX)
DRV - [2008/11/10 05:08:08 | 000,012,800 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HP1319EWS.sys -- (HP1319EWS)
DRV - [2008/10/27 14:58:20 | 000,171,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress)
DRV - [2008/07/19 16:10:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2008/01/21 07:53:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/08/08 11:29:10 | 000,391,836 | ---- | M] (ZSMC Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC211)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0007002"
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=93&bd=all&pf=cmdt
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=93&bd=all&pf=cmdt
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=93&bd=all&pf=cmdt
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=93&bd=all&pf=cmdt
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
 
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=93&bd=all&pf=cmdt
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{C961CD77-748C-4AF5-8D8B-0170738AB41C}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0007002"
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.backup.ftp: "172.16.44.12"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "172.16.44.12"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "172.16.44.12"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "172.16.44.12"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.16.44.12"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.16.44.12"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.44.12"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.16.44.12"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2012/04/03 14:32:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins
 
[2012/09/30 14:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/03/09 23:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\extensions
[2010/09/21 21:18:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/03/08 23:08:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(178)
[2012/07/30 22:52:40 | 000,002,519 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\searchplugins\Search_Results.xml
[2012/05/02 19:32:59 | 000,003,930 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\searchplugins\sweetim.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=390&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006/09/19 03:11:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [DT HWP] C:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yahoo Messenger]  File not found
O4 - HKLM..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E8027D8-C0A2-44D9-A3B9-A13A10A270DD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0413ec60-c79e-11e1-ad1b-93c49e1d851a}\Shell - "" = AutoRun
O33 - MountPoints2\{0413ec60-c79e-11e1-ad1b-93c49e1d851a}\Shell\AutoRun\command - "" = F:\FarCryAutoCD.exe
O33 - MountPoints2\{14f4f4db-3cd8-11df-b4ed-f2866c35922c}\Shell\AutoRun\command - "" = 3o.exe
O33 - MountPoints2\{14f4f4db-3cd8-11df-b4ed-f2866c35922c}\Shell\explore\Command - "" = 3o.exe
O33 - MountPoints2\{14f4f4db-3cd8-11df-b4ed-f2866c35922c}\Shell\open\Command - "" = 3o.exe
O33 - MountPoints2\{4b125467-a89d-11df-80c2-d08ab721be28}\Shell - "" = AutoRun
O33 - MountPoints2\{4b125467-a89d-11df-80c2-d08ab721be28}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{5491dcfb-4a45-11df-87fa-d4e33dc3c1fc}\Shell - "" = AutoRun
O33 - MountPoints2\{5491dcfb-4a45-11df-87fa-d4e33dc3c1fc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac72d6f9-1d67-11df-a86d-b9305fb4e997}\Shell - "" = AutoRun
O33 - MountPoints2\{ac72d6f9-1d67-11df-a86d-b9305fb4e997}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac72d714-1d67-11df-a86d-b9305fb4e997}\Shell - "" = AutoRun
O33 - MountPoints2\{ac72d714-1d67-11df-a86d-b9305fb4e997}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b78789ab-40bf-11df-8d73-c3bb13ad500f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\XEAyAL.EXe
O33 - MountPoints2\{c8e06849-30ba-11df-85ea-876d6794d17c}\Shell - "" = AutoRun
O33 - MountPoints2\{c8e06849-30ba-11df-85ea-876d6794d17c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d29cf187-312a-11df-a8d3-9ccb54ca022f}\Shell - "" = AutoRun
O33 - MountPoints2\{d29cf187-312a-11df-a8d3-9ccb54ca022f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e38a0223-fa19-11de-8678-002481ea39ce}\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{e38a0223-fa19-11de-8678-002481ea39ce}\Shell\explore\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{e38a0223-fa19-11de-8678-002481ea39ce}\Shell\open\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{e9a8b279-3454-11df-9080-befaaaa6b916}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a8b279-3454-11df-9080-befaaaa6b916}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/10/07 08:50:24 | 000,000,000 | ---D | C] -- C:\FRST
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/10/07 21:27:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce1ccf2becf2c0.job
[2013/10/07 21:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/07 21:23:48 | 000,612,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/07 21:23:48 | 000,109,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/07 21:19:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 21:19:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 21:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 21:18:39 | 2090,070,016 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/10/07 21:16:56 | 000,001,558 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Display LiteSaver Startup.lnk
[2013/10/07 21:16:56 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Imation Flash Detect.lnk
[2013/10/07 21:08:20 | 2090,070,016 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/29 19:47:52 | 000,266,266 | ---- | C] () -- C:\Users\Administrator\anjuku.jpg
[2011/12/11 20:56:06 | 000,000,471 | ---- | C] () -- C:\ProgramData\ReclaiMe.config
[2011/12/11 20:56:06 | 000,000,438 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ReclaiMe.config
[2010/10/11 01:05:20 | 000,022,328 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2009/08/15 12:33:29 | 000,025,088 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/09 12:04:07 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/26 18:36:12 | 001,064,672 | ---- | C] () -- C:\Users\Administrator\download.jpg
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2006/11/02 18:24:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:17:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 11:58:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 11:58:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/08/29 18:47:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2012/07/07 00:42:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010/08/15 23:33:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Net
[2010/08/16 00:19:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2009/08/15 12:14:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DisplayTune
[2012/05/02 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Easy MP3 Recorder
[2013/10/06 19:10:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Juniper Networks
[2010/09/06 21:54:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2011/03/16 23:11:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2011/09/02 23:54:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Research In Motion
[2010/12/16 00:34:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uniblue
[2012/09/30 14:37:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#E56717]========== Base Services ==========[/color]
SRV - [2006/11/02 15:16:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 07:54:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 07:54:42 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 11:58:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 11:58:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 19:42:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 11:58:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 07:54:58 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 05:32:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 11:58:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 11:58:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 21:14:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 07:55:28 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 11:58:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 07:54:35 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 11:58:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 11:58:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 07:55:20 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 07:54:39 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 07:54:49 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 07:54:11 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 07:55:11 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 11:58:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 19:41:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 19:42:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 11:58:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 07:54:45 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 11:58:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 11:58:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 07:54:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 19:42:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 11:58:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 21:50:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 17:17:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 11:57:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/05 00:25:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 11:58:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 17:17:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 11:58:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 11:58:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 11:58:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 11:58:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 07:53:52 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 07:53:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 11:58:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 11:58:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 11:58:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 11:57:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 11:58:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 03:49:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 11:58:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/12 00:31:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 17:12:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< c:\program files (x86)\Google\Desktop >[/color]
[2006/11/02 18:31:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 18:31:23 | 000,032,602 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/03 18:46:48 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/07/04 12:40:47 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/03/09 19:35:36 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce1ccf2becf2c0.job
 
[color=#A23BEC]< c:\program files\Google\Desktop  >[/color]
 
[color=#A23BEC]< dir "%systemdrive%\*" /S /A:L /C >[/color]
 Volume in drive C has no label.
 Volume Serial Number is 46B4-D1F4
 Directory of C:\
11/02/2006  06:32 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
11/02/2006  06:32 PM    <JUNCTION>     Application Data [C:\ProgramData]
11/02/2006  06:32 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/02/2006  06:32 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/02/2006  06:32 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
11/02/2006  06:32 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006  06:32 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
11/02/2006  06:32 PM    <SYMLINKD>     All Users [C:\ProgramData]
11/02/2006  06:32 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator
07/09/2009  11:19 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Roaming]
07/09/2009  11:19 AM    <JUNCTION>     Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
07/09/2009  11:19 AM    <JUNCTION>     Local Settings [C:\Users\Administrator\AppData\Local]
07/09/2009  11:19 AM    <JUNCTION>     My Documents [C:\Users\Administrator\Documents]
07/09/2009  11:19 AM    <JUNCTION>     NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/09/2009  11:19 AM    <JUNCTION>     PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/09/2009  11:19 AM    <JUNCTION>     Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
07/09/2009  11:19 AM    <JUNCTION>     SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
07/09/2009  11:19 AM    <JUNCTION>     Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
07/09/2009  11:19 AM    <JUNCTION>     Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local
07/09/2009  11:19 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
07/09/2009  11:19 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
07/09/2009  11:19 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Documents
07/09/2009  11:19 AM    <JUNCTION>     My Music [C:\Users\Administrator\Music]
07/09/2009  11:19 AM    <JUNCTION>     My Pictures [C:\Users\Administrator\Pictures]
07/09/2009  11:19 AM    <JUNCTION>     My Videos [C:\Users\Administrator\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
11/02/2006  06:32 PM    <JUNCTION>     Application Data [C:\ProgramData]
11/02/2006  06:32 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/02/2006  06:32 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/02/2006  06:32 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
11/02/2006  06:32 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006  06:32 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
11/02/2006  06:32 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006  06:32 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006  06:32 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
11/02/2006  06:32 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
11/02/2006  06:32 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006  06:32 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006  06:32 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006  06:32 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006  06:32 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006  06:32 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
11/02/2006  06:32 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
11/02/2006  06:32 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006  06:32 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
11/02/2006  06:32 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
11/02/2006  06:32 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
11/02/2006  06:32 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
11/02/2006  06:32 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
11/02/2006  06:32 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
11/02/2006  06:32 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              50 Dir(s)  27,555,205,120 bytes free

< End of report >


Extras.txt
OTL Extras logfile created on: 10/7/2013 9:23:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.95 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 36.10% Memory free
4.13 Gb Paging File | 2.79 Gb Available in Paging File | 67.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.09 Gb Total Space | 25.82 Gb Free Space | 17.55% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.73 Gb Free Space | 88.52% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 2.71 Gb Free Space | 72.68% Space Free | Partition Type: FAT32
 
Computer Name: 30DIT2297 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1030598212-3810331530-2025082804-500]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B3ED497-308A-4A29-8E5E-B7C32C0FFE4E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{11F4FBD2-3363-47A6-A2D4-985DB121CAF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1810768E-20DE-4946-81AF-163D26FFA61C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4058F48E-6792-49A0-83FB-77976021D61A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{428AAF7D-6239-4AD3-8354-C2512909A221}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4AF2EF1F-F250-41BF-86BF-98EAA5F20FC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4C760B2B-084E-4A3D-8924-D3B4BACEA708}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{51A47B6C-7324-4085-BE75-7D8822CA3F94}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{5311925B-48D3-4650-8BB9-DF68F50F515F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{543F081E-9409-46C2-8664-DCE42D27BE3C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5B7BB312-2FDC-4700-8F3D-3825B67F6DE2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{635290E0-5E6F-4C5B-B0A4-54D0897542D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{688A79F2-2EE8-4CC0-96A4-8625BE60FFF0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68FB676A-2E74-429B-BD5F-90668E930310}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6F2E3032-3BC3-4298-9756-EC025F0CF204}" = rport=445 | protocol=6 | dir=out | app=system | 
"{79346584-5DBE-4B7C-9552-FE905706D12D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 | 
"{815072B4-E489-4614-B2E6-D97527B8B41F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8E5C7C64-3F84-41D8-9D6D-B68E234C2416}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{912DBC04-A784-4E30-B69A-8BCC94BDA802}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AC6B8CF4-0844-48FD-93F4-0E4B38333ECA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C0E3DE07-0D46-48D8-8C20-6838290B1B8E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E4182BF4-E0F4-4573-9732-6CDE5EBE90B7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EB191695-FD0F-4EB1-8298-BAFACA9ECB1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1E942DE-6E57-499B-B0A3-534F252E158C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F76D6EAC-F6C4-4C86-8986-9099A5DA8B6C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FAB1866F-1323-4A4B-80E7-0A3D8F6401F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FCC4A2B1-77FD-4F7B-971E-BC8F81A016D8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FFE88DD3-0C46-4A76-A647-E60838EF28C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00698493-266F-4F0B-BB40-CAF5B1B24A6F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe | 
"{010EFD6E-DC1F-45F7-8BD4-BFD73334D40E}" = protocol=17 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\doom3.exe | 
"{05C77F90-84D4-4779-974D-880AEDE7BD2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{07108098-849A-4B29-8041-54F36AAB0609}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{07DB6F27-25A2-4A18-94F7-0798C238FBAC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe | 
"{0A4E6E40-CF49-4F07-81CD-EAA98F674AA8}" = protocol=17 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\doom3ded.exe | 
"{11887CD3-96D1-41F3-B1CD-01A4BA081CF1}" = protocol=6 | dir=out | app=system | 
"{1ED421E8-6E7D-4D21-AA16-A8027C655635}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{209A7726-AE23-44F3-9EE3-AE480AD25E17}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{25A65E08-D664-4A0C-8E0E-B8B9520AD500}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 | 
"{2A5424AA-10E5-4B47-B620-647BF142797E}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{2C975FD9-B4BB-4BCC-BF6D-1C29174B8C77}" = protocol=6 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\doom3ded.exe | 
"{304EAEF0-5827-4654-A824-54A844F17D2E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe | 
"{32B07C36-DA84-4634-8A19-2A046991419F}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 | 
"{39098469-1FDE-4355-A924-222C967EFE08}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3ABCDECA-9729-45BF-9444-EAF293FC1EA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C549133-7EA8-4201-B0AC-D935A0134151}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3C8259AB-879B-442D-9DD5-A3031375FA55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D7603F1-C344-4F3D-8F86-9BD9E219C6ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3EC5D009-6194-4D07-9674-52CC1662709F}" = protocol=6 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\doom3.exe | 
"{40B9ADAE-0B61-494F-AEC9-E1A204B58D95}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{46DAECAD-B0A1-4C8F-A671-B4B8CDCDDC1A}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | 
"{4941A03A-B32A-4E43-A1DB-5C5C31BEE6F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DE19683-CF39-4919-AA28-C8A74761207C}" = protocol=6 | dir=in | app=c:\valve\steam\steam.exe | 
"{4F687DA1-2066-4383-A3E0-ADAD148972F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{551235E6-066A-4865-B9C6-2DC1B69D0A3E}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe | 
"{56235F56-02D6-424E-A123-60C36BB6855D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5B4550A3-2EAE-4A55-A99A-2F5FFB697A2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5E15C963-A6EA-41E0-A50E-407BB9981E14}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{629AC594-256B-4D92-8350-059D44BDDEAB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{697246ED-6883-4F67-87F1-1001908709EB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6E2FD2E4-FCA1-4D7E-B467-F33A2B14390E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7BAE11C3-9634-4F56-9AD6-B66709B2C9EE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{825E2698-024B-4900-9AE0-9DA15A93BF5E}" = protocol=17 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\d3roe3_c.exe | 
"{8843A36E-5CCB-484D-920B-DD1571123FFD}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | 
"{8A8397D9-9EEC-42B8-892F-CA46E2FCFF7A}" = protocol=6 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\d3roe3_c.exe | 
"{9159FF3E-3A91-48EC-82AA-7E4E3EE1D4B3}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe | 
"{9531E661-DE68-4E44-BF37-9239269675CC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe | 
"{98D283A5-7459-4A2C-A9AA-635ED2A610E3}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 | 
"{AC759FFE-B4F7-4EC5-9198-FC13F20F5AF3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{B937A6D2-4E18-4438-B902-9A3AED7ED23F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{B9B6833D-5DE0-40E8-8200-851E37E41282}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{C2BA2A6A-1A38-4332-8DF7-7BF9A68D6F0B}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe | 
"{C848A8D0-A0A6-4C6A-9ADB-27B14B25E8F2}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{D1D69314-0F33-4DCB-8601-C588E2D7DAB8}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe | 
"{D364F195-8B97-41FD-A638-1A5682182E0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D787E388-7DDA-4F36-86BB-DC08E68BABEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7CEFEBD-C227-4BB6-AA2A-18F8C44F51A9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{DF1E9BD6-2DE7-4968-AF1E-AA874D86E9BD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{DF997450-9C3C-460A-9B84-9BEB8A0BB5EF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E46FB6CE-7209-4734-A702-C617B9B1655E}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 | 
"{EB35D635-4EBE-4AC6-9B6E-C6076D756BB8}" = protocol=17 | dir=in | app=c:\valve\steam\steam.exe | 
"{ECBF9A55-3F64-41F0-BBCD-0668C9208DB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEC36BA2-FD0D-4F6F-9F34-8A68EB1FD0A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F4D34D74-1568-4323-9D6A-63E4EC324510}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{F9DAF5FA-93A5-47D2-AB47-5E1E61DC67C7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{FCAECA0C-D937-4F7F-B9B1-4865CADB7CE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD9E0693-F7C0-4CC5-B66D-B8C5DA64D267}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"TCP Query User{067822F8-6220-49CD-8B54-651E9340F193}C:\study material\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\study material\eclipse\eclipse.exe | 
"TCP Query User{80D30B35-DC2F-4D26-8988-7BB551DD810C}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=6 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"TCP Query User{9068F27D-8370-4D30-8B9C-0147E2541FFC}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"TCP Query User{9776C018-50AE-4BF8-9DD5-98B4AB1CF08D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{B45CB068-1489-47AA-ADF5-9DAAAD7E259B}C:\program files\mozilla firefox 3.6 beta 4\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 3.6 beta 4\firefox.exe | 
"TCP Query User{D2146E7E-D638-4ED4-A1FF-BD50CD37E2AE}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe | 
"TCP Query User{E440A8B6-3F77-430D-82E5-58FC7BC88441}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"TCP Query User{EA031C3E-C9EC-4EBA-8B92-BF8A17EF8306}C:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=c:\program files\return to castle wolfenstein\wolfmp.exe | 
"UDP Query User{25026A01-B0BA-4934-B568-DFC8344E77D6}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"UDP Query User{3C9BA516-594B-40B7-B7BB-66DDB6D09D06}C:\program files\mozilla firefox 3.6 beta 4\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 3.6 beta 4\firefox.exe | 
"UDP Query User{723030EE-4927-4BC0-8930-5EDA2F1BE135}C:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=c:\program files\return to castle wolfenstein\wolfmp.exe | 
"UDP Query User{892B76DD-D2E4-4B3E-B0CE-64A2A973258B}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"UDP Query User{89D31DFB-2FB8-4651-A414-BCA94E76A310}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe | 
"UDP Query User{BF7D33BA-E46A-447F-A403-115F9764EC4D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{D1ED31C6-3E25-4E72-AFF3-CC474746EA9A}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=17 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"UDP Query User{DB40C5BD-E8F1-44BD-A57F-58D0C0C4CBBC}C:\study material\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\study material\eclipse\eclipse.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{17B371B7-740F-4C83-BDFE-0C3A2C585103}" = HP Display Assistant
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F2E313E-CBAA-4337-A46B-794E8E4FE6C2}" = FaxSetupInstaller
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43BEE5D4-E522-450A-817D-02BCC18C1517}" = hppusgM1310
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = USB PC Camera (ZS211)
"{485D80AA-AFD9-4FF1-91D4-A44978B99F3D}" = AuthenTec Fingerprint System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{509E7E30-8EC3-449B-8C59-B952E7489B0F}" = D-Link DSLs
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76643356-611A-4A07-8BEC-79E85546916F}" = HP Display LiteSaver
"{76B86AE2-6558-46FB-BB39-E6F02898FBE7}" = HP LaserJet Toolbox
"{8487219F-6929-4FC9-B5F7-7D990DD6EECB}" = HP Advisor
"{8FD8E8C4-D53E-4C52-81B1-0017A9546D1E}" = Hindi Indic IME 1 V 5.0
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{96BFE9CE-5A9D-4F6E-A406-7E0206BE5A6A}" = HP LaserJet M1319 MFP Series Toolbox
"{9BC9B87B-66D9-BF1C-4714-9FDD85FC6BED}" = AirportMadness3
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6909E04-B7C6-4426-BE4F-098275147ADA}" = Scan To
"{C876CEE1-32CC-4E96-832F-1D321E35A451}" = FaxSendInstaller
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1" = AirportMadness3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet M1319 MFP" = HP LaserJet M1319 MFP Series
"InstallShield_{362C6A81-4C88-4B26-8C79-B2EE0076F65F}" = Wolfenstein(TM) 1.11 Patch
"InstallShield_{76643356-611A-4A07-8BEC-79E85546916F}" = HP Display LiteSaver
"InstallShield_{8FD8E8C4-D53E-4C52-81B1-0017A9546D1E}" = Hindi Indic IME 1 V 5.0
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"PDF Complete" = PDF Complete
"STANDARD" = Microsoft Office Standard 2007
"VLC media player" = VLC media player 1.1.1
"Yahoo! Messenger" = Yahoo! Messenger
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 10/7/2013 11:53:45 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10/7/2013 11:53:45 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10/7/2013 11:53:45 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10/7/2013 11:53:46 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10/7/2013 11:54:31 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10/7/2013 11:54:31 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10/7/2013 11:54:48 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10/7/2013 11:54:48 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10/7/2013 11:56:31 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10/7/2013 11:56:31 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description = 
 
[ OSession Events ]
Error - 8/18/2010 1:23:26 PM | Computer Name = 30dit2297 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 911
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 8/19/2010 3:19:54 PM | Computer Name = 30dit2297 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 8/19/2010 3:23:10 PM | Computer Name = 30dit2297 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 187
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 1/12/2011 3:58:10 AM | Computer Name = 30dit2297 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 56
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 1/12/2011 4:01:28 AM | Computer Name = 30dit2297 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 93
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10/7/2013 11:50:01 AM | Computer Name = 30dit2297 | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 10/7/2013 11:50:02 AM | Computer Name = 30dit2297 | Source = WMPNetworkSvc | ID = 866312
Description = 
 
 
< End of report >



#4 Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, could you let me know how the computer is behaving on completion of this run?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a94ng9o6) 
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} 
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0007002" 
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found 
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} 
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0007002" 
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406" 
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=" 
FF - prefs.js..network.proxy.backup.ftp: "172.16.44.12" 
FF - prefs.js..network.proxy.backup.ftp_port: 8080 
FF - prefs.js..network.proxy.backup.socks: "172.16.44.12" 
FF - prefs.js..network.proxy.backup.socks_port: 8080 
FF - prefs.js..network.proxy.backup.ssl: "172.16.44.12" 
FF - prefs.js..network.proxy.backup.ssl_port: 8080 
FF - prefs.js..network.proxy.ftp: "172.16.44.12" 
FF - prefs.js..network.proxy.ftp_port: 8080 
FF - prefs.js..network.proxy.gopher: "172.16.44.12" 
FF - prefs.js..network.proxy.gopher_port: 8080 
FF - prefs.js..network.proxy.http: "172.16.44.12" 
FF - prefs.js..network.proxy.http_port: 8080 
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.socks: "172.16.44.12" 
FF - prefs.js..network.proxy.socks_port: 8080 
FF - prefs.js..network.proxy.ssl: "172.16.44.12" 
FF - prefs.js..network.proxy.ssl_port: 8080 
FF - prefs.js..network.proxy.type: 4 
[2012/05/02 19:32:59 | 000,003,930 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\searchplugins\sweetim.xml 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O33 - MountPoints2\{14f4f4db-3cd8-11df-b4ed-f2866c35922c}\Shell\AutoRun\command - "" = 3o.exe 
O33 - MountPoints2\{14f4f4db-3cd8-11df-b4ed-f2866c35922c}\Shell\explore\Command - "" = 3o.exe 
O33 - MountPoints2\{14f4f4db-3cd8-11df-b4ed-f2866c35922c}\Shell\open\Command - "" = 3o.exe 
O33 - MountPoints2\{b78789ab-40bf-11df-8d73-c3bb13ad500f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\XEAyAL.EXe 
O33 - MountPoints2\{e38a0223-fa19-11de-8678-002481ea39ce}\Shell\AutoRun\command - "" = folder.tmp/tmp.exe 
O33 - MountPoints2\{e38a0223-fa19-11de-8678-002481ea39ce}\Shell\explore\command - "" = folder.tmp/tmp.exe 
O33 - MountPoints2\{e38a0223-fa19-11de-8678-002481ea39ce}\Shell\open\command - "" = folder.tmp/tmp.exe 
 
:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
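As an added check, not part of the original thread and not a feature of OTL or Malwarebytes: the OTL fix above removes three kinds of entry (the search-results.com and sweetim.com search scopes and start pages in IE and Firefox, the Firefox network.proxy.* settings, and the MountPoints2 autorun handlers that the autorun.inf worm left behind for the removable drives). The PowerShell below re-reads those same locations on the live system after the fix and reboot, so the cleanup can be confirmed directly rather than inferred from the quick scan. It assumes Windows PowerShell 2.0 (an optional update on Vista), the default Firefox profile location, and that it is run in the account whose hive carried the entries; the function names are mine, not OTL's.

```powershell
# Added post-fix audit (not from the thread, OTL or Malwarebytes).
# Re-reads the locations targeted by the OTL fix and prints whatever is still there.
# MountPoints2 and the Firefox profile are per-user, so run this as the user whose
# hive held the entries (HKU\S-1-5-21-...-500 in the log is the built-in Administrator).
$ErrorActionPreference = 'SilentlyContinue'

function Get-MountPointAutoruns {
    # MountPoints2 caches the autorun.inf verbs Explorer saw on each removable volume.
    # A worm's "open=3o.exe" persists here after the stick is gone, and double-clicking
    # a drive with the same volume ID re-runs it, so every remaining command is suspect.
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $root | ForEach-Object {
        $vol = $_
        Get-ChildItem -Path "$($vol.PSPath)\Shell" | ForEach-Object {
            $verb = $_
            $cmd = (Get-ItemProperty -Path "$($verb.PSPath)\command").'(default)'
            if ($cmd) {
                New-Object PSObject -Property @{
                    Volume  = $vol.PSChildName
                    Verb    = $verb.PSChildName
                    Command = $cmd
                }
            }
        }
    }
}

function Get-IESearchScopes {
    # Every registered IE search provider, machine-wide and for this user.
    # After the fix, only providers you recognise should remain.
    foreach ($hive in 'HKLM', 'HKCU') {
        Get-ChildItem -Path "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes" | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            New-Object PSObject -Property @{
                Hive  = $hive
                Scope = $_.PSChildName
                Name  = $p.DisplayName
                URL   = $p.URL
            }
        }
    }
}

function Get-FirefoxProxyAndStartPrefs {
    # prefs.js lines in the same families the fix rewrites: proxy host/port entries,
    # the start page and keyword.URL (address-bar search target).
    # network.proxy.type: 0 = none, 1 = manual (uses the host/port values),
    # 2 = PAC URL, 4 = auto-detect, 5 = system settings.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    Get-ChildItem -Path $profiles | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $profileName = $_.Name
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path -Path $prefs) {
            Get-Content -Path $prefs | ForEach-Object {
                if ($_ -match '^user_pref\("(network\.proxy\.[^"]+|browser\.startup\.homepage|keyword\.URL)",\s*(.+)\);\s*$') {
                    New-Object PSObject -Property @{
                        Profile = $profileName
                        Pref    = $matches[1]
                        Value   = $matches[2]
                    }
                }
            }
        }
    }
}

# Everything goes straight to the console so sections print in order.
Write-Host '== MountPoints2 autorun handlers (expected after the fix: none) =='
Get-MountPointAutoruns | Select-Object Volume, Verb, Command | Format-Table -AutoSize | Out-Host

Write-Host '== IE search scopes (expected: only providers you chose) =='
Get-IESearchScopes | Select-Object Hive, Scope, Name, URL | Format-Table -AutoSize | Out-Host

Write-Host '== IE start page =='
(Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main').'Start Page' | Out-Host

Write-Host '== Firefox proxy / start-page prefs =='
Get-FirefoxProxyAndStartPrefs | Select-Object Profile, Pref, Value | Format-Table -AutoSize | Out-Host
```

Save it as a .ps1 and run it with `powershell -ExecutionPolicy Bypass -File Audit-Hijacks.ps1` from the affected account. Two reading notes: an entry under MountPoints2 only fires when Explorer is asked to act on that volume ID, so stale handlers are low risk on their own but still worth clearing, and a network.proxy.* host in a private range such as 172.16.0.0/12 may be a legitimate site proxy rather than a hijack on a managed machine, so confirm with whoever runs the network before deciding its removal was correct.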

#5 Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.