
Am I infected? Found trojan.gen


Guest rokhuff


Yesterday I downloaded a file (freeware game) from a person I knew, with permission, however it was posted to a file share system much like Dropbox. I suspect that this share system infected said file. So I go to run this file and Symantec Endpoint Protection goes nuts saying it's found 2 instances of Trojan.gen and has isolated both in quarantine. I delete both and run Symantec again with nothing found. I run Microsoft Security Essentials and it also finds nothing, but I'm paranoid so I download Malwarebytes Anti-Malware and it finds two things, Hijack.ControlPanelStyle and PUM.Disable.MCProperties, and quarantines both. I run Malwarebytes two more times and nothing is found, so I need to know if I'm still infected.

Thanks.

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by 1777777 at 17:40:32 on 2013-01-17

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3241.1326 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe

C:\Program Files\Fujitsu\PSUtility\PSUService.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Tablet\ISD\ISD_Tablet.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\AuthenTec TrueSuite\TouchControl.exe

C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Tablet\ISD\ISD_TabletUser.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\PSUtility\TrayManager.exe

C:\Program Files\Tablet\ISD\ISD_Tablet.exe

C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe

C:\Program Files\Tablet\CalibrationAssistant.exe

C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe

C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\CyberLink\YouCam\YouCam.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\1777777\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\Fujitsu\Utils\fjevents.exe

C:\Program Files\Fujitsu\Utils\FjLidMon.exe

C:\Program Files\Fujitsu\Utils\FjMnuIco.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Users\1777777\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE

C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\taskeng.exe

C:\Users\1777777\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\1777777\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\1777777\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\1777777\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k DyRemSvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.easylifeapp.com/

uWindow Title = Windows Internet Explorer provided by MT

uSearch Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

uSearch Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

uDefault_Page_URL = hxxp://google.com

mStart Page = hxxp://search.easylifeapp.com/

uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ips\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - c:\program files\authentec truesuite\IEBHO.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

uRun: [Google Update] "c:\users\1777777\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [F.lux] "c:\users\1777777\local settings\apps\f.lux\flux.exe" /noshow

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [FJBATAID2] c:\program files\fujitsu\batteryaid2\BatteryDaemon.exe

mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe

mRun: [PSUTility] c:\program files\fujitsu\psutility\TrayManager.exe

mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [FDM7] c:\program files\fujitsu\fdm7\FdmDaemon.exe

mRun: [PfNet] "c:\program files\fujitsu\plugfree network\PfNet.exe" /r

mRun: [startFujitsuPointingDeviceUtility] "c:\program files\fujitsu\pointingdeviceutility\FJPDAutoSet.exe"

mRun: [sSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [YouCam Mirage] "c:\program files\cyberlink\youcam\YCMMirage.exe"

mRun: [YouCam Tray] "c:\program files\cyberlink\youcam\YouCam.exe" /s

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [KeepSafe] "c:\program files\authentec truesuite\keepsafe\fvsvr.exe" /startup

mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe

mRun: [indicatorUtility] "c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\users\1777777\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\1777777\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\1777777\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\solidw~1.lnk - c:\program files\common files\solidworks installation manager\backgrounddownloading\sldBgDwld.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: MemCheckBoxInRunDlg = dword:1

uPolicies-Explorer: NoActiveDesktop = dword:1

uPolicies-Explorer: NoWelcomeScreen = dword:1

uPolicies-Explorer: NoRecentDocsNetHood = dword:1

uPolicies-System: HideLogonScripts = dword:1

uPolicies-System: HideLogoffScripts = dword:1

uPolicies-System: ConnectHomeDirToRoot = dword:1

mPolicies-Explorer: NoWelcomeScreen = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: RunStartupScriptSync = dword:1

mPolicies-System: HideShutdownScripts = dword:1

mPolicies-System: HideStartupScripts = dword:1

mPolicies-System: LogonType = dword:0

mPolicies-Windows\System: UserPolicyMode = dword:2

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 24.220.0.10 24.220.0.11

TCP: Interfaces\{A54A856F-8789-4F82-9BB2-317D0DC8CE53} : DHCPNameServer = 24.220.0.10 24.220.0.11

TCP: Interfaces\{A54A856F-8789-4F82-9BB2-317D0DC8CE53}\374637D647770716 : DHCPNameServer = 151.159.3.44 151.159.3.1 151.159.3.2

TCP: Interfaces\{A54A856F-8789-4F82-9BB2-317D0DC8CE53}\374637D647F607E6 : DHCPNameServer = 10.250.10.253

TCP: Interfaces\{A54A856F-8789-4F82-9BB2-317D0DC8CE53}\45348435 : DHCPNameServer = 10.0.100.52

TCP: Interfaces\{FCB2E669-020A-4277-9887-771A2A3B27B8} : DHCPNameServer = 24.220.0.10 24.220.0.11

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\WinLogoutNotifier.dll

AppInit_DLLs= c:\progra~1\browse~1\sprote~1.dll c:\progra~1\easylife\sprote~1.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\1777777\appdata\roaming\mozilla\firefox\profiles\qnrgc02l.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=

FF - prefs.js: browser.search.selectedEngine - EasyLife

FF - prefs.js: browser.startup.homepage - hxxp://search.easylifeapp.com/

FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll

FF - plugin: c:\users\1777777\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-01-06 13:36; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext

FF - ExtSQL: 2013-01-17 11:30; 50f74d5d8e5a0@50f74d5d8e5d9.com; c:\users\1777777\appdata\roaming\mozilla\firefox\profiles\qnrgc02l.default\extensions\50f74d5d8e5a0@50f74d5d8e5d9.com

.

============= SERVICES / DRIVERS ===============

.

R0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\system32\drivers\FBIOSDRV.sys [2009-6-24 17008]

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2011-7-28 12904]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymDS.sys [2011-6-17 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymEFA.sys [2012-1-12 758904]

R1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\bashdefs\20130107.011\BHDrvx86.sys [2013-1-8 995488]

R1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\ipsdefs\20130116.002\IDSvix86.sys [2013-1-16 386720]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\Ironx86.sys [2012-1-12 137336]

R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\symnets.sys [2012-1-12 299640]

R2 DyRemS;Remote Services;c:\windows\system32\svchost.exe -k DyRemSvc [2012-4-12 21504]

R2 FPLService;TrueSuiteService;c:\program files\authentec truesuite\TrueSuiteService.exe [2011-7-15 265032]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-17 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-17 682344]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]

R2 PFNService;PFNService;c:\program files\fujitsu\plugfree network\PFNService.exe [2010-10-7 249856]

R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2011-7-28 62824]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]

R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ccSvcHst.exe [2012-1-12 137224]

R2 TabletServiceISD;TabletServiceISD;c:\program files\tablet\isd\ISD_Tablet.exe [2011-7-28 4733304]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-7-28 2656280]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2011-4-11 7680]

R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2011-4-11 895480]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-6-20 29168]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-12-1 106656]

R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtndrv.sys [2003-6-20 11392]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2011-8-15 5632]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-7-22 269824]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-17 21104]

R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-7-28 41088]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 62336]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 141440]

R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2011-1-3 62440]

R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2011-1-16 62312]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-7-28 140456]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2011-7-28 300584]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-7-28 33320]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2012-6-8 89192]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]

S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2011-1-3 60904]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-24 14848]

S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\solidworks corp\solidworks flow simulation\bincfw\StandAloneSlv.exe [2012-4-9 95368]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-1-17 27192]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-11-23 1120752]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2012-4-12 21504]

S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\SyDvCtrl32.sys [2012-1-12 23984]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-10-24 24064]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-24 49664]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-10-24 27136]

S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]

S3 wacomhidfilter;Wacom HID Filter;c:\windows\system32\drivers\wacomhidfilter.sys [2011-7-28 14376]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-1 1343400]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]

.

=============== Created Last 30 ================

.

2013-01-17 17:26:09 -------- d-----w- c:\users\1777777\appdata\local\VS Revo Group

2013-01-17 17:26:02 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2013-01-17 17:25:23 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{18e41eeb-8621-48c8-b383-5bae435a1ec2}\mpengine.dll

2013-01-17 17:25:23 -------- d-----w- c:\program files\VS Revo Group

2013-01-17 16:35:54 -------- d-----w- c:\users\1777777\appdata\roaming\Malwarebytes

2013-01-17 16:35:35 -------- d-----w- c:\programdata\Malwarebytes

2013-01-17 16:35:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-17 16:35:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-17 00:55:37 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a6917314-d0fc-41e7-9645-cd77c0d9d624}\gapaengine.dll

2013-01-17 00:55:33 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-01-17 00:51:00 -------- d-----w- c:\program files\Microsoft Security Client

2013-01-17 00:39:26 -------- d-----w- c:\programdata\Cloud Software LTD

2013-01-17 00:39:13 -------- d-----w- c:\users\1777777\appdata\roaming\SendSpace

2013-01-17 00:39:07 -------- d-----w- c:\program files\EasyLife

2013-01-17 00:39:00 -------- d-----w- c:\program files\BrowseToSave

2013-01-17 00:38:33 -------- d-----w- c:\programdata\InstallMate

2013-01-16 07:32:48 -------- d-----w- c:\program files\Instagram Downloader

2013-01-16 07:32:33 -------- d-----w- c:\users\1777777\appdata\local\Programs

2013-01-16 06:52:05 -------- d-----w- c:\users\1777777\appdata\local\CRE

2013-01-16 06:51:00 -------- d-----w- c:\program files\Conduit

2013-01-16 06:50:46 -------- d-----w- c:\users\1777777\appdata\local\VisualBeeExe

2013-01-16 06:50:41 -------- d-----w- c:\users\1777777\appdata\local\Conduit

2013-01-16 06:50:31 -------- d-----w- c:\programdata\VisualBee

2013-01-09 14:16:37 626688 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 14:16:33 2354688 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 14:16:27 496128 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 14:12:07 1389568 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 14:10:54 21504 ----a-w- c:\windows\system32\grb.rs

2013-01-09 14:09:48 49152 ----a-w- c:\windows\system32\taskhost.exe

2013-01-09 04:38:59 -------- d-----w- c:\users\1777777\appdata\roaming\RealNetworks

2013-01-06 20:36:47 -------- d-----w- c:\program files\RealNetworks

2013-01-06 20:36:46 -------- d-----w- c:\programdata\RealNetworks

2013-01-06 20:36:04 -------- d-----w- c:\program files\common files\xing shared

2013-01-06 20:35:46 153296 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll

2013-01-06 20:35:37 124056 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll

2013-01-06 17:52:16 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-01-06 17:52:16 295424 ----a-w- c:\windows\system32\atmfd.dll

.

==================== Find3M ====================

.

2013-01-06 20:35:28 499712 ----a-w- c:\windows\system32\msvcp71.dll

2013-01-06 20:35:28 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll

2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-08 18:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll

2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll

.

============= FINISH: 17:41:16.40 ===============


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your reply please provide the contents of the following logs:

  • ComboFix.txt.
  • AdwCleaner[R1].txt.

How is the computer running?


Guest rokhuff

The computer seems to be running fine, other than a bit of slowness I wouldn't notice any differences. However I have run into a problem with Symantec Endpoint. It will not let me disable it. I initially right clicked on it in the taskbar and chose disable. I then ran ComboFix and a warning popped up saying that Symantec was not disabled, even though when I went back to look at it, it stated that it still was disabled. So I did a hard restart to kill ComboFix. And now when I look at Symantec the disable option is completely grayed out. Can we somehow work around Symantec?


Guest rokhuff

Okay I'm scared to run ComboFix because I can't disable Symantec, due to what I'm guessing is admin issues.

When I run AdwCleaner this pops up:

H:\AdwCleaner[R1.txt]

The system cannot find the drive specified.

Apparently it wants to run off of one of my network drives but cannot find it.


Guest rokhuff

After playing around a bit I got AdwCleaner to produce this. I noticed that right around the time the two trojan warnings popped up 3 programs were installed: VisualBee, Conduit, and something called EasyLife. I'm going to guess that they caused the trojan warnings but I'm not completely sure. Please verify if you know anything.

# AdwCleaner v2.106 - Logfile created 01/18/2013 at 16:42:00

# Updated 17/01/2013 by Xplode

# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)

# User : 1777777 - T-M1011

# Boot Mode : Normal

# Running from : C:\Users\1777777\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\Users\1777777\AppData\Local\Linkury

Folder Found : C:\Users\1777777\AppData\LocalLow\Conduit

Folder Found : C:\Users\1777777\AppData\Roaming\Mozilla\Firefox\Profiles\qnrgc02l.default\Smartbar

Folder Found : C:\Users\1777777\AppData\Roaming\OpenCandy

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\easylife\sprote~1.dll

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\SProtector

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3268494

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Key Found : HKLM\Software\SP Global

Key Found : HKLM\Software\SProtector

Key Found : HKU\S-1-5-21-1236110383-577450606-326763393-19773\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

-\\ Mozilla Firefox v7.0.1 (en-US)

File : C:\Users\bobrien_adm\AppData\Roaming\Mozilla\Firefox\Profiles\7cxmi4y2.default\prefs.js

[OK] File is clean.

File : C:\Users\1777777\AppData\Roaming\Mozilla\Firefox\Profiles\qnrgc02l.default\prefs.js

Found : user_pref("CT3268494.1000082.isPlayDisplay", "true");

Found : user_pref("CT3268494.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Found : user_pref("CT3268494.CBOpenMAMSettings.enc", "MA==");

Found : user_pref("CT3268494.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3268494.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT3268494.FirstTime", "true");

Found : user_pref("CT3268494.FirstTimeFF3", "true");

Found : user_pref("CT3268494.LoginRevertSettingsEnabled", true);

Found : user_pref("CT3268494.PG_ENABLE", "dHJ1ZQ==");

Found : user_pref("CT3268494.RevertSettingsEnabled", true);

Found : user_pref("CT3268494.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT326[...]

Found : user_pref("CT3268494.UserID", "UN30134620482011615");

Found : user_pref("CT3268494.addressBarTakeOverEnabledInHidden", "true");

Found : user_pref("CT3268494.autoDisableScopes", -1);

Found : user_pref("CT3268494.browser.search.defaultthis.engineName", "true");

Found : user_pref("CT3268494.cbcountry_001.enc", "VVM=");

Found : user_pref("CT3268494.cbfirsttime.enc", "V2VkIEphbiAxNiAyMDEzIDA4OjQxOjIwIEdNVC0wNzAwIChNb3VudGFpbiBT[...]

Found : user_pref("CT3268494.defaultSearch", "true");

Found : user_pref("CT3268494.embeddedsData", "[{\"appId\":\"129989109966145536\",\"apiPermissions\":{\"cross[...]

Found : user_pref("CT3268494.enableAlerts", "always");

Found : user_pref("CT3268494.enableFix404ByUser", "TRUE");

Found : user_pref("CT3268494.enableSearchFromAddressBar", "true");

Found : user_pref("CT3268494.firstTimeDialogOpened", "true");

Found : user_pref("CT3268494.fixPageNotFoundError", "true");

Found : user_pref("CT3268494.fixPageNotFoundErrorByUser", "true");

Found : user_pref("CT3268494.fixPageNotFoundErrorInHidden", "true");

Found : user_pref("CT3268494.fixUrls", true);

Found : user_pref("CT3268494.homepageuserchanged", true);

Found : user_pref("CT3268494.installDate", "15/1/2013 23:51:26");

Found : user_pref("CT3268494.installId", "116302");

Found : user_pref("CT3268494.installType", "conduitnsisintegration");

Found : user_pref("CT3268494.isCheckedStartAsHidden", true);

Found : user_pref("CT3268494.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3268494.isFirstTimeToolbarLoading", "false");

Found : user_pref("CT3268494.isPerformedSmartBarTransition", "true");

Found : user_pref("CT3268494.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT3268494.keyword", "true");

Found : user_pref("CT3268494.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]

Found : user_pref("CT3268494.lastVersion", "10.14.40.128");

Found : user_pref("CT3268494.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Found : user_pref("CT3268494.migrateAppsAndComponents", true);

Found : user_pref("CT3268494.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]

Found : user_pref("CT3268494.openThankYouPage", "false");

Found : user_pref("CT3268494.openUninstallPage", "true");

Found : user_pref("CT3268494.price-gong.isManagedApp", "true");

Found : user_pref("CT3268494.revertSettingsEnabled", "true");

Found : user_pref("CT3268494.search.searchAppId", "129989109966145536");

Found : user_pref("CT3268494.search.searchCount", "0");

Found : user_pref("CT3268494.searchInNewTabEnabledByUser", "true");

Found : user_pref("CT3268494.searchInNewTabEnabledInHidden", "true");

Found : user_pref("CT3268494.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3268494.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT3268494.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Found : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT3268494.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358319567516");

Found : user_pref("CT3268494.serviceLayer_services_appsMetadata_lastUpdate", "1358319567507");

Found : user_pref("CT3268494.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358319567435");

Found : user_pref("CT3268494.serviceLayer_services_login_10.14.40.128_lastUpdate", "1358319567652");

Found : user_pref("CT3268494.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358319567460");

Found : user_pref("CT3268494.serviceLayer_services_searchAPI_lastUpdate", "1358319566126");

Found : user_pref("CT3268494.serviceLayer_services_serviceMap_lastUpdate", "1358319565476");

Found : user_pref("CT3268494.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358319567327");

Found : user_pref("CT3268494.serviceLayer_services_toolbarSettings_lastUpdate", "1358319565670");

Found : user_pref("CT3268494.serviceLayer_services_translation_lastUpdate", "1358319567361");

Found : user_pref("CT3268494.settingsINI", true);

Found : user_pref("CT3268494.shouldFirstTimeDialog", "false");

Found : user_pref("CT3268494.smartbar.CTID", "CT3268494");

Found : user_pref("CT3268494.smartbar.Uninstall", "1");

Found : user_pref("CT3268494.smartbar.homepage", true);

Found : user_pref("CT3268494.smartbar.toolbarName", "VisualBee V.1 ");

Found : user_pref("CT3268494.startPage", "true");

Found : user_pref("CT3268494.toolbarBornServerTime", "16-1-2013");

Found : user_pref("CT3268494.toolbarCurrentServerTime", "16-1-2013");

Found : user_pref("CT3268494.toolbarDisabled", "true");

Found : user_pref("CT3268494.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");

Found : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT326849[...]

Found : user_pref("Smartbar.ConduitSearchEngineList", "VisualBee V.1 Customized Web Search");

Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494[...]

Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q[...]

Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268494");

Found : user_pref("aol_toolbar.default.homepage.check", false);

Found : user_pref("aol_toolbar.default.search.check", false);

Found : user_pref("browser.search.defaultthis.engineName", "VisualBee V.1 Customized Web Search");

Found : user_pref("ct3268494.UserID", "UN30134620482011615");

Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT3268494[...]

Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Found : user_pref("smartbar.machineId", "SHSTNJCQ1IOEYI9QYX7PIMFQQPY8DVKAIFLQ2PA1NQ1I+WXU5FAYCLHFWZZCPH2CKEO[...]

Found : user_pref("smartbar.originalHomepage", "google.com");

Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=");

Found : user_pref("smartbar.originalSearchEngine", "Google");

Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\1777777\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R7].txt - [11927 octets] - [18/01/2013 16:42:00]

########## EOF - C:\AdwCleaner[R7].txt - [11988 octets] ##########


Guest rokhuff

The Dark Knight,

I was redirected to ask this question specifically to my helper, which in this case is you.

"I was wondering though how much information could "malicious" people obtain by posting information such as what you get from the dds.txt logs (and AdwCleaner logs) and all of the other data logs that are posted on this forum. Could any of this information be used against you somehow?"


rokhuff,

My apologies for the delay as I was without internet these past two days.

The logs tend to only show computer-relevant information. This includes things like your Name for your Computer/User and your IP Address, amongst others. Honestly, it is pretty harmless. If you are concerned then when we finish you could always replace your name or IP address with a random character. Otherwise don't be concerned. :)

It sounds like Symantec doesn't like ComboFix or those things it found. Let AdwCleaner below do its work first.

=====

Please do the following to re-run AdwCleaner:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

=====

Now, please run ComboFix, and ignore Symantec if it complains. Post the logs from AdwCleaner and ComboFix in your reply please. :)

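The reply above suggests replacing your user and computer name before sharing logs. One way to do that consistently is sketched below as an added example, not part of the original thread and not code from any of the tools named here. The sample log is constructed, and the function names and placeholder tokens (`USER1`, `HOST1`, `PROFILE`) are assumptions of this sketch.

```python
import re

# Constructed sample in the layout of the DDS, AdwCleaner and OTL lines shown
# in this thread; the names and the SID are made up.
SAMPLE_LOG = "\n".join([
    r"Run by jdoe at 17:40:32 on 2013-01-17",
    r"# User : jdoe - WORKSTATION7",
    r"# Running from : C:\Users\jdoe\Desktop\adwcleaner.exe",
    r"Key Found : HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Example",
    r"File : C:\Users\svc_admin\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\prefs.js",
    r"Computer Name: WORKSTATION7 | User Name: jdoe | Logged in as Administrator.",
    r"PRC - [2012/11/29 19:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe",
])

# Places where these tools print the account name and the computer name.
USER_PATTERNS = [
    re.compile(r"^# User : (\S+) - \S+", re.M),             # AdwCleaner header
    re.compile(r"User Name: (\S+)"),                         # OTL header
    re.compile(r"^Run by (\S+) at ", re.M),                  # DDS header
    re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+)\\", re.I),   # profile paths
]
HOST_PATTERNS = [
    re.compile(r"^# User : \S+ - (\S+)", re.M),
    re.compile(r"Computer Name: (\S+)"),
]
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")                  # account SIDs
FF_PROFILE_RE = re.compile(r"(\\Firefox\\Profiles\\)[A-Za-z0-9]{8}(\.[\w-]+)", re.I)
BUILTIN_PROFILES = {"public", "default", "default user", "all users"}


def _collect(patterns, text, skip=()):
    """Return the distinct names captured by the patterns, in first-seen order."""
    found = []
    for pat in patterns:
        for name in pat.findall(text):
            if name.lower() not in skip and name not in found:
                found.append(name)
    return found


def build_mapping(text):
    """Map every discovered identifier to a stable placeholder."""
    mapping = {}
    for i, user in enumerate(_collect(USER_PATTERNS, text, BUILTIN_PROFILES), 1):
        mapping[user] = f"USER{i}"
    for i, host in enumerate(_collect(HOST_PATTERNS, text), 1):
        mapping.setdefault(host, f"HOST{i}")
    for i, sid in enumerate(dict.fromkeys(SID_RE.findall(text)), 1):
        mapping[sid] = f"S-1-5-21-REDACTED-{i}"
    return mapping


def redact(text):
    """Return (redacted_text, mapping). The same name always gets the same token,
    so a helper can still tell two accounts apart."""
    mapping = build_mapping(text)
    # Longest first, and whole tokens only, so "jdoe" never rewrites "jdoe_adm".
    for ident in sorted(mapping, key=len, reverse=True):
        token = re.compile(r"(?<![\w-])" + re.escape(ident) + r"(?![\w-])", re.I)
        text = token.sub(lambda m, r=mapping[ident]: r, text)
    # The random Firefox profile folder name is per-install; drop it as well.
    text = FF_PROFILE_RE.sub(r"\1PROFILE\2", text)
    # IP addresses are left to manual review: dotted version numbers in these
    # logs have the same shape, and rewriting them would damage the log.
    return text, mapping


if __name__ == "__main__":
    cleaned, names = redact(SAMPLE_LOG)
    print(cleaned)
    print(names)
```

Keep the returned mapping private: it is the key that turns the placeholders back into the real names.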

Guest rokhuff

Hey Dark Knight,

Thanks for the reply about the logs, I'm relieved that there isn't much personal info going out. :)

I know I might sound like a broken record, but can you assure me that ComboFix won't brick my PC if Symantec isn't totally disabled? It sounds like it's going to run rampant if you don't know what you're doing, and when it comes to ComboFix I have no idea what I'm doing. :unsure:

Here's the AdwCleaner log and I'll run and post ComboFix as long as it won't kill my computer.

# AdwCleaner v2.106 - Logfile created 01/22/2013 at 17:59:12

# Updated 17/01/2013 by Xplode

# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)

# User : 1777777 - T-M1011

# Boot Mode : Normal

# Running from : C:\Users\1777777\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\Users\1777777\AppData\Local\Linkury

Folder Deleted : C:\Users\1777777\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\1777777\AppData\Roaming\Mozilla\Firefox\Profiles\qnrgc02l.default\Smartbar

Folder Deleted : C:\Users\1777777\AppData\Roaming\OpenCandy

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\easylife\sprote~1.dll

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com

-\\ Mozilla Firefox v7.0.1 (en-US)

File : C:\Users\bobrien_adm\AppData\Roaming\Mozilla\Firefox\Profiles\7cxmi4y2.default\prefs.js

[OK] File is clean.

File : C:\Users\1777777\AppData\Roaming\Mozilla\Firefox\Profiles\qnrgc02l.default\prefs.js

Deleted : user_pref("CT3268494.1000082.isPlayDisplay", "true");

Deleted : user_pref("CT3268494.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Deleted : user_pref("CT3268494.CBOpenMAMSettings.enc", "MA==");

Deleted : user_pref("CT3268494.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3268494.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3268494.FirstTime", "true");

Deleted : user_pref("CT3268494.FirstTimeFF3", "true");

Deleted : user_pref("CT3268494.LoginRevertSettingsEnabled", true);

Deleted : user_pref("CT3268494.PG_ENABLE", "dHJ1ZQ==");

Deleted : user_pref("CT3268494.RevertSettingsEnabled", true);

Deleted : user_pref("CT3268494.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT326[...]

Deleted : user_pref("CT3268494.UserID", "UN30134620482011615");

Deleted : user_pref("CT3268494.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT3268494.autoDisableScopes", -1);

Deleted : user_pref("CT3268494.browser.search.defaultthis.engineName", "true");

Deleted : user_pref("CT3268494.cbcountry_001.enc", "VVM=");

Deleted : user_pref("CT3268494.cbfirsttime.enc", "V2VkIEphbiAxNiAyMDEzIDA4OjQxOjIwIEdNVC0wNzAwIChNb3VudGFpbiBT[...]

Deleted : user_pref("CT3268494.defaultSearch", "true");

Deleted : user_pref("CT3268494.embeddedsData", "[{\"appId\":\"129989109966145536\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT3268494.enableAlerts", "always");

Deleted : user_pref("CT3268494.enableFix404ByUser", "TRUE");

Deleted : user_pref("CT3268494.enableSearchFromAddressBar", "true");

Deleted : user_pref("CT3268494.firstTimeDialogOpened", "true");

Deleted : user_pref("CT3268494.fixPageNotFoundError", "true");

Deleted : user_pref("CT3268494.fixPageNotFoundErrorByUser", "true");

Deleted : user_pref("CT3268494.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT3268494.fixUrls", true);

Deleted : user_pref("CT3268494.homepageuserchanged", true);

Deleted : user_pref("CT3268494.installDate", "15/1/2013 23:51:26");

Deleted : user_pref("CT3268494.installId", "116302");

Deleted : user_pref("CT3268494.installType", "conduitnsisintegration");

Deleted : user_pref("CT3268494.isCheckedStartAsHidden", true);

Deleted : user_pref("CT3268494.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3268494.isFirstTimeToolbarLoading", "false");

Deleted : user_pref("CT3268494.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT3268494.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3268494.keyword", "true");

Deleted : user_pref("CT3268494.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]

Deleted : user_pref("CT3268494.lastVersion", "10.14.40.128");

Deleted : user_pref("CT3268494.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Deleted : user_pref("CT3268494.migrateAppsAndComponents", true);

Deleted : user_pref("CT3268494.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]

Deleted : user_pref("CT3268494.openThankYouPage", "false");

Deleted : user_pref("CT3268494.openUninstallPage", "true");

Deleted : user_pref("CT3268494.price-gong.isManagedApp", "true");

Deleted : user_pref("CT3268494.revertSettingsEnabled", "true");

Deleted : user_pref("CT3268494.search.searchAppId", "129989109966145536");

Deleted : user_pref("CT3268494.search.searchCount", "0");

Deleted : user_pref("CT3268494.searchInNewTabEnabledByUser", "true");

Deleted : user_pref("CT3268494.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT3268494.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3268494.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3268494.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3268494.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358319567516");

Deleted : user_pref("CT3268494.serviceLayer_services_appsMetadata_lastUpdate", "1358319567507");

Deleted : user_pref("CT3268494.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358319567435");

Deleted : user_pref("CT3268494.serviceLayer_services_login_10.14.40.128_lastUpdate", "1358319567652");

Deleted : user_pref("CT3268494.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358319567460");

Deleted : user_pref("CT3268494.serviceLayer_services_searchAPI_lastUpdate", "1358319566126");

Deleted : user_pref("CT3268494.serviceLayer_services_serviceMap_lastUpdate", "1358319565476");

Deleted : user_pref("CT3268494.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358319567327");

Deleted : user_pref("CT3268494.serviceLayer_services_toolbarSettings_lastUpdate", "1358319565670");

Deleted : user_pref("CT3268494.serviceLayer_services_translation_lastUpdate", "1358319567361");

Deleted : user_pref("CT3268494.settingsINI", true);

Deleted : user_pref("CT3268494.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT3268494.smartbar.CTID", "CT3268494");

Deleted : user_pref("CT3268494.smartbar.Uninstall", "1");

Deleted : user_pref("CT3268494.smartbar.homepage", true);

Deleted : user_pref("CT3268494.smartbar.toolbarName", "VisualBee V.1 ");

Deleted : user_pref("CT3268494.startPage", "true");

Deleted : user_pref("CT3268494.toolbarBornServerTime", "16-1-2013");

Deleted : user_pref("CT3268494.toolbarCurrentServerTime", "16-1-2013");

Deleted : user_pref("CT3268494.toolbarDisabled", "true");

Deleted : user_pref("CT3268494.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");

Deleted : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT326849[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "VisualBee V.1 Customized Web Search");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494[...]

Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q[...]

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268494");

Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Deleted : user_pref("aol_toolbar.default.search.check", false);

Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.1 Customized Web Search");

Deleted : user_pref("ct3268494.UserID", "UN30134620482011615");

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT3268494[...]

Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Deleted : user_pref("smartbar.machineId", "SHSTNJCQ1IOEYI9QYX7PIMFQQPY8DVKAIFLQ2PA1NQ1I+WXU5FAYCLHFWZZCPH2CKEO[...]

Deleted : user_pref("smartbar.originalHomepage", "google.com");

Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=");

Deleted : user_pref("smartbar.originalSearchEngine", "Google");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\1777777\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R7].txt - [12058 octets] - [18/01/2013 16:42:00]

AdwCleaner[s2].txt - [12238 octets] - [22/01/2013 17:59:12]

########## EOF - C:\AdwCleaner[s2].txt - [12299 octets] ##########

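A way to check that every item from an AdwCleaner search run also appears as deleted or replaced in the later delete run, as an added example that is not part of the original thread or of AdwCleaner itself. The two sample logs are constructed in the line layout of the logs above, and the function names and the optional `current_sid` parameter are assumptions of this sketch. An `HKU\<SID>` key with no matching delete line is reported unless the caller confirms that SID is the logged-on user's, since HKCU is a view of that same hive.

```python
import re

# Constructed sample logs; paths, keys and the SID are made up.
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SEARCH_LOG = r"""# Option [search]
Folder Found : C:\ProgramData\ExampleBar
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\example\hook.dll
Key Found : HKCU\Software\ExampleBar
Key Found : HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\ExampleBar
Key Found : HKLM\Software\ExampleBar
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.example.invalid/?q={searchTerms}
Found : user_pref("examplebar.homepage", true);
[OK] File is clean.
"""
DELETE_LOG = r"""# Option [Delete]
Folder Deleted : C:\ProgramData\ExampleBar
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\example\hook.dll
Key Deleted : HKCU\Software\ExampleBar
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.example.invalid/?q={searchTerms} --> hxxp://www.google.com
Deleted : user_pref("examplebar.homepage", true);
"""

# "Key Found : ...", "Folder Deleted : ...", and bare "Found : user_pref(...)".
ENTRY_RE = re.compile(r"^(?:(Folder|File|Key|Value|Data) )?(Found|Deleted) : (.+)$")
# Internet Explorer settings: bare in the search log, "Replaced :" in the delete log.
IE_FOUND_RE = re.compile(r"^(\[.+?\]) = (\S+)$")
IE_REPLACED_RE = re.compile(r"^Replaced : (\[.+?\]) = (\S+) --> \S+$")
HKU_SID_RE = re.compile(r"^HKU\\(S-1-5-21(?:-\d+){4})\\", re.I)


def normalise(item, current_sid=None):
    """Case-fold an item; fold HKU\\<current user's SID>\\ into HKCU\\."""
    m = HKU_SID_RE.match(item)
    if m and current_sid and m.group(1).lower() == current_sid.lower():
        item = "HKCU\\" + item[m.end():]
    return item.lower()


def parse(log, current_sid=None):
    """Return (found, handled): dicts of normalised item -> original log line."""
    found, handled = {}, {}
    for raw in log.splitlines():
        line = raw.strip()
        m = IE_REPLACED_RE.match(line)
        if m:
            handled[normalise(m.group(1) + " = " + m.group(2), current_sid)] = line
            continue
        m = ENTRY_RE.match(line)
        if m:
            _kind, status, item = m.groups()
            bucket = found if status == "Found" else handled
            bucket[normalise(item, current_sid)] = line
            continue
        if IE_FOUND_RE.match(line):
            found[normalise(line, current_sid)] = line
    return found, handled


def leftovers(search_log, delete_log, current_sid=None):
    """Lines from the search run with no Deleted/Replaced counterpart."""
    found, _ = parse(search_log, current_sid)
    _, handled = parse(delete_log, current_sid)
    return [line for key, line in found.items() if key not in handled]


if __name__ == "__main__":
    for line in leftovers(SEARCH_LOG, DELETE_LOG, SAMPLE_SID):
        print("no delete entry for:", line)
```

An item reported here is not proof that it is still on disk or in the registry; it is a prompt to run a fresh search scan and see whether it reappears.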

Hey rokhuff,

Let's skip ComboFix for the moment then.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


Guest rokhuff

OTL logfile created on: 1/23/2013 11:42:41 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\1777777\Desktop

Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.17 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 57.54% Memory free

6.33 Gb Paging File | 3.98 Gb Available in Paging File | 62.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 148.95 Gb Total Space | 61.45 Gb Free Space | 41.25% Space Free | Partition Type: NTFS

Computer Name: T-M1011 | User Name: 1777777 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/23 07:54:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\1777777\Desktop\OTL.exe

PRC - [2013/01/18 08:54:53 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe

PRC - [2013/01/12 12:31:18 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe

PRC - [2013/01/06 13:35:31 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2013/01/04 14:21:22 | 000,404,712 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

PRC - [2012/12/28 16:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\1777777\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/03 22:12:41 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe

PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012/11/29 19:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe

PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/06/09 05:06:58 | 001,855,080 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe

PRC - [2012/01/12 08:19:11 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

PRC - [2012/01/12 08:19:10 | 001,667,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe

PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2011/07/15 03:44:44 | 000,265,032 | ---- | M] (AuthenTec, Inc) -- C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe

PRC - [2011/07/15 03:44:20 | 000,533,832 | ---- | M] (AuthenTec Inc.) -- C:\Program Files\AuthenTec TrueSuite\TouchControl.exe

PRC - [2011/07/15 03:43:54 | 000,142,664 | ---- | M] (AuthenTec Inc.) -- C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe

PRC - [2011/06/03 09:14:20 | 004,733,304 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe

PRC - [2011/06/03 09:14:20 | 001,111,416 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\ISD\ISD_TabletUser.exe

PRC - [2011/06/03 09:14:10 | 000,243,064 | ---- | M] (Wacom Technology, Inc) -- C:\Program Files\Tablet\CalibrationAssistant.exe

PRC - [2011/04/28 11:03:04 | 000,027,976 | ---- | M] (Authentec) -- C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe

PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/02/03 06:53:20 | 000,026,456 | ---- | M] (Fujitsu America, Inc.) -- C:\Program Files\Fujitsu\Utils\FjLidMon.exe

PRC - [2011/02/01 20:57:48 | 000,085,104 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe

PRC - [2011/01/14 12:02:28 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/01/14 12:02:24 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/01/14 12:02:08 | 001,923,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

PRC - [2010/12/21 00:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

PRC - [2010/12/04 16:40:08 | 000,063,320 | ---- | M] (Fujitsu America, Inc.) -- C:\Program Files\Fujitsu\Utils\fjmnuico.exe

PRC - [2010/11/29 06:36:56 | 000,026,456 | ---- | M] (Fujitsu America, Inc.) -- C:\Program Files\Fujitsu\Utils\FjEvents.exe

PRC - [2010/11/20 14:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

PRC - [2010/11/17 11:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/11/13 13:03:46 | 000,148,840 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\TrayManager.exe

PRC - [2010/10/29 15:01:42 | 000,107,880 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe

PRC - [2010/10/15 17:14:08 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2010/10/15 17:14:08 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

PRC - [2010/10/07 14:58:22 | 000,249,856 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe

PRC - [2010/10/07 14:57:04 | 001,191,936 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe

PRC - [2010/10/07 14:57:04 | 001,055,232 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe

PRC - [2010/09/29 17:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

PRC - [2010/08/15 16:40:16 | 000,191,336 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

PRC - [2010/06/20 09:53:32 | 000,224,352 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCam.exe

PRC - [2010/06/20 09:53:32 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe

PRC - [2010/06/17 14:44:08 | 000,062,824 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe

PRC - [2010/06/08 13:12:56 | 000,037,488 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

PRC - [2010/02/10 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe

PRC - [2009/10/14 13:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

PRC - [2009/10/14 13:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

PRC - [2009/10/14 13:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

PRC - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\1777777\Local Settings\Apps\F.lux\flux.exe

PRC - [2009/08/13 05:06:00 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe

PRC - [2009/07/23 04:35:04 | 000,128,360 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe

PRC - [2009/07/06 13:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/18 08:55:28 | 000,647,168 | ---- | M] () -- C:\Program Files\Steam\sdl.dll

MOD - [2013/01/18 08:54:52 | 020,320,240 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll

MOD - [2013/01/18 08:54:50 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll

MOD - [2013/01/18 08:54:50 | 000,969,640 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll

MOD - [2013/01/18 08:54:50 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll

MOD - [2013/01/18 08:54:50 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll

MOD - [2013/01/09 08:34:41 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll

MOD - [2013/01/09 07:58:49 | 000,375,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNGadgetClass\eb3e6b4cb6ad2086d62e93d29ee5ea94\PFNGadgetClass.ni.dll

MOD - [2013/01/09 07:58:48 | 001,302,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNTray\cae8fcfb580230fa4e5211a10683436a\PFNTray.ni.exe

MOD - [2013/01/09 07:58:48 | 001,156,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNetDm\60bb8f5260274da6c57941d4092166c2\PFNetDm.ni.exe

MOD - [2013/01/09 07:58:46 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll

MOD - [2013/01/09 07:58:45 | 000,320,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNSwData\60398c6224f6671931a421f0a61137da\PFNSwData.ni.dll

MOD - [2013/01/09 07:58:45 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PFNLocSet\b28e1aa7b05b1414331ea46c4413b849\PFNLocSet.ni.dll

MOD - [2013/01/09 07:56:18 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll

MOD - [2013/01/09 07:56:11 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll

MOD - [2013/01/09 07:56:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013/01/09 07:56:04 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll

MOD - [2013/01/09 07:55:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll

MOD - [2013/01/09 07:55:41 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/01/09 07:55:39 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll

MOD - [2013/01/09 07:55:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/01/09 07:55:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013/01/09 07:55:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/01/09 07:55:18 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2012/12/09 18:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/15 03:44:52 | 000,094,024 | ---- | M] () -- C:\Program Files\AuthenTec TrueSuite\ssutil.dll

MOD - [2011/07/15 03:43:58 | 000,305,480 | ---- | M] () -- C:\Program Files\AuthenTec TrueSuite\DataManager.dll

MOD - [2011/06/03 09:14:12 | 000,962,936 | ---- | M] () -- C:\Program Files\Tablet\ISD\libxml2.dll

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2011/02/03 21:58:10 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll

MOD - [2011/01/20 12:11:08 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll

MOD - [2010/11/20 14:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/10/15 17:14:18 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\1777777\Local Settings\Apps\F.lux\flux.exe

MOD - [2009/08/19 15:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll

MOD - [2009/07/29 15:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll

MOD - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe

MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll

========== Services (SafeList) ==========

SRV - [2013/01/18 08:54:53 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/09/04 11:05:42 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2012/09/04 11:05:40 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/06/08 23:48:28 | 000,089,192 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)

SRV - [2012/04/09 10:18:26 | 000,095,368 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2012)

SRV - [2012/01/12 08:19:13 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe -- (SNAC)

SRV - [2012/01/12 08:19:11 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe -- (SepMasterService)

SRV - [2012/01/12 08:19:10 | 001,667,328 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe -- (SmcService)

SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2011/08/01 09:01:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/07/15 03:44:44 | 000,265,032 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe -- (FPLService)

SRV - [2011/06/03 09:14:20 | 004,733,304 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe -- (TabletServiceISD)

SRV - [2011/04/15 14:37:52 | 000,039,424 | ---- | M] (Dynamic Knowledge Transfer, LLC.) [Auto | Running] -- C:\Program Files\DyKnow\Client\DyKnow.Host.dll -- (DyRemS)

SRV - [2011/01/14 12:02:28 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/01/14 12:02:24 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/10/15 17:14:08 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2010/10/07 14:58:22 | 000,249,856 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)

SRV - [2010/06/17 14:44:08 | 000,062,824 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)

SRV - [2010/02/10 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)

SRV - [2009/11/23 03:08:10 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)

SRV - [2009/10/14 13:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4035C54-69C2-4709-B408-DDBE749AAA99}\MpKslfbd08b8c.sys -- (MpKslfbd08b8c)

DRV - [2013/01/15 21:58:47 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20130123.005\NAVEX15.SYS -- (NAVEX15)

DRV - [2013/01/15 21:58:46 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20130123.005\NAVENG.SYS -- (NAVENG)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/11/14 10:55:29 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130107.011\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012/09/04 18:51:54 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130122.001\IDSvix86.sys -- (IDSVix86)

DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2012/08/23 20:17:46 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/08/23 20:17:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/08/23 07:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)

DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/08/23 07:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2012/08/23 07:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2012/01/12 11:31:25 | 000,090,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)

DRV - [2012/01/12 09:24:22 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012/01/12 08:19:18 | 000,522,872 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\srtsp.sys -- (SRTSP)

DRV - [2012/01/12 08:19:18 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\symnets.sys -- (SYMNETS)

DRV - [2012/01/12 08:19:18 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\srtspx.sys -- (SRTSPX)

DRV - [2012/01/12 08:19:17 | 000,758,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys -- (SymEFA)

DRV - [2012/01/12 08:19:17 | 000,137,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys -- (SymIRON)

DRV - [2012/01/12 08:19:10 | 000,023,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)

DRV - [2011/09/22 16:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)

DRV - [2011/06/17 15:31:12 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys -- (SymDS)

DRV - [2011/04/11 11:58:06 | 000,895,480 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)

DRV - [2011/02/10 14:48:00 | 002,166,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2011/01/16 23:46:04 | 000,062,312 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR)

DRV - [2011/01/03 23:41:58 | 000,062,440 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\O2MDRw7.sys -- (O2MDRRDR)

DRV - [2011/01/03 22:44:06 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR)

DRV - [2010/12/21 03:29:30 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)

DRV - [2010/12/10 15:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV - [2010/12/10 15:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)

DRV - [2010/12/03 13:52:00 | 000,014,376 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacomhidfilter.sys -- (wacomhidfilter)

DRV - [2010/12/03 13:51:58 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2010/12/03 13:51:54 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)

DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 14:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - [2010/11/20 14:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)

DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/10/19 18:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)

DRV - [2010/10/15 02:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010/10/09 04:34:44 | 001,760,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)

DRV - [2010/10/04 00:26:06 | 000,140,456 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcbtums.sys -- (bcbtums)

DRV - [2010/09/27 11:30:08 | 000,012,904 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FJGSDisk.sys -- (FJGSDisk)

DRV - [2010/06/23 10:24:58 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)

DRV - [2010/06/20 09:53:54 | 000,029,168 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)

DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)

DRV - [2009/10/26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - [2009/09/09 16:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)

DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

DRV - [2009/07/13 16:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)

DRV - [2009/06/24 05:33:18 | 000,017,008 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FBIOSDRV.sys -- (FBIOSDRV)

DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2006/11/01 04:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)

DRV - [2006/11/01 04:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)

DRV - [2003/06/20 13:30:48 | 000,011,392 | ---- | M] (Fujitsu PC Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FjBtndrv.sys -- (Fjbtndrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\%EasyLifeSearch_IESearchEngineGuid%: "URL" = http://search.easylifeapp.com/?q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\%EasyLifeSearch_IESearchEngineGuid%: "URL" = http://search.easylifeapp.com/?q={searchTerms}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "EasyLife"

FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"

FF - prefs.js..browser.search.defaulturl: "http://search.easylifeapp.com/?q="

FF - prefs.js..browser.search.order.1: "EasyLife"

FF - prefs.js..browser.search.order.1,S: S", "EasyLife"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"

FF - prefs.js..browser.search.selectedEngine: "EasyLife"

FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://search.easylifeapp.com/"

FF - prefs.js..extensions.enabledAddons: websitelogon@truesuite.com:5.0

FF - prefs.js..extensions.enabledAddons: MafiaaFire@mafiaafire.com:0.9d

FF - prefs.js..extensions.enabledAddons: {34712C68-7391-4c47-94F3-8F88D49AD632}:1.3.0

FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2

FF - prefs.js..keyword.URL: "http://search.easylifeapp.com/?q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\1777777\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\1777777\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\ [2013/01/22 18:02:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/06 13:36:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/06 13:36:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/17 11:31:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/09 19:35:06 | 000,000,000 | ---D | M]

[2011/09/12 16:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1777777\AppData\Roaming\mozilla\Extensions

[2013/01/17 11:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1777777\AppData\Roaming\mozilla\Firefox\Profiles\qnrgc02l.default\extensions

[2013/01/17 11:30:06 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\1777777\AppData\Roaming\mozilla\Firefox\Profiles\qnrgc02l.default\extensions\50f74d5d8e5a0@50f74d5d8e5d9.com

[2012/09/10 21:01:15 | 000,123,007 | ---- | M] () (No name found) -- C:\Users\1777777\AppData\Roaming\mozilla\firefox\profiles\qnrgc02l.default\extensions\MafiaaFire@mafiaafire.com.xpi

[2013/01/16 17:39:07 | 000,000,493 | ---- | M] () -- C:\Users\1777777\AppData\Roaming\mozilla\firefox\profiles\qnrgc02l.default\searchplugins\EasyLife.xml

[2011/11/28 11:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/10/29 22:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011/08/09 13:53:01 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files\Mozilla Firefox\extensions\websitelogon@truesuite.com

[2013/01/06 13:36:48 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT

[2013/01/22 18:02:25 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\12.1.1000.157.105\DATA\IPSFFPLGN

[2011/11/22 17:12:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2012/06/06 17:50:26 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2013/01/06 13:35:37 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

[2011/11/22 17:12:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - homepage: http://search.easylifeapp.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://search.easylifeapp.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\1777777\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\1777777\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\1777777\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\1777777\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Java Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Google Update (Enabled) = C:\Users\1777777\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Adblock Plus = C:\Users\1777777\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\

CHR - Extension: Charlotte Ronson = C:\Users\1777777\AppData\Local\Google\Chrome\User Data\Default\Extensions\obakimnhgahiedhcjlcnohielmendpen\3_0\

O1 HOSTS File: ([2011/08/10 14:49:02 | 000,436,434 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 15019 more lines...

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [FJBATAID2] C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe (Fujitsu America, Inc.)

O4 - HKLM..\Run: [iMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [KeepSafe] C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe (Authentec)

O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)

O4 - HKLM..\Run: [sSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [startFujitsuPointingDeviceUtility] C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [updatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)

O4 - HKLM..\Run: [YouCam Tray] C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)

O4 - HKCU..\Run: [F.lux] C:\Users\1777777\Local Settings\Apps\F.lux\flux.exe ()

O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Users\1777777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\1777777\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\1777777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 1

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKLM\..Trusted Domains: google.com ([]* in Local intranet)

O15 - HKLM\..Trusted Domains: mt.local ([]* in Local intranet)

O15 - HKCU\..Trusted Domains: google.com ([]* in Local intranet)

O15 - HKCU\..Trusted Domains: mt.local ([]* in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MT.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A54A856F-8789-4F82-9BB2-317D0DC8CE53}: DhcpNameServer = 24.220.0.10 24.220.0.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCB2E669-020A-4277-9887-771A2A3B27B8}: DhcpNameServer = 24.220.0.10 24.220.0.11

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1997cf42-dda0-11e0-b555-c0f8dab4d448}\Shell - "" = AutoRun

O33 - MountPoints2\{1997cf42-dda0-11e0-b555-c0f8dab4d448}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/23 07:54:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\1777777\Desktop\OTL.exe

[2013/01/22 22:35:53 | 000,000,000 | ---D | C] -- C:\Users\1777777\Desktop\i

[2013/01/19 17:28:20 | 000,000,000 | ---D | C] -- C:\Users\1777777\Desktop\files

[2013/01/19 17:28:13 | 000,000,000 | ---D | C] -- C:\Users\1777777\Desktop\2_files

[2013/01/19 16:57:23 | 000,000,000 | ---D | C] -- C:\Users\1777777\Desktop\New folder

[2013/01/18 18:41:52 | 000,000,000 | ---D | C] -- C:\Users\1777777\Desktop\h1

[2013/01/18 17:13:21 | 000,000,000 | ---D | C] -- C:\Users\1777777\AppData\Roaming\WinPatrol

[2013/01/18 17:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

[2013/01/18 17:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios

[2013/01/18 16:58:09 | 000,892,104 | ---- | C] (BillP Studios) -- C:\Users\1777777\Desktop\wpsetup.exe

[2013/01/18 08:47:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/18 08:31:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/01/18 08:31:43 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2013/01/17 10:26:09 | 000,000,000 | ---D | C] -- C:\Users\1777777\AppData\Local\VS Revo Group

[2013/01/17 10:26:02 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys

[2013/01/17 10:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2013/01/17 10:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2013/01/17 10:25:23 | 000,000,000 | ---D | C] -- C:\Users\1777777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2013/01/17 09:35:54 | 000,000,000 | ---D | C] -- C:\Users\1777777\AppData\Roaming\Malwarebytes

[2013/01/17 09:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/01/17 09:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/01/17 09:35:31 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/01/17 09:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/01/16 17:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/01/16 17:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Cloud Software LTD

[2013/01/16 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\1777777\AppData\Roaming\SendSpace

[2013/01/16 00:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instagram Downloader

[2013/01/16 00:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Instagram Downloader

[2013/01/16 00:32:33 | 000,000,000 | ---D | C] -- C:\Users\1777777\AppData\Local\Programs

[2013/01/15 23:52:05 | 000,000,000 | ---D | C] -- C:\Users\1777777\AppData\Local\CRE

[2013/01/15 23:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee

[2013/01/12 12:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2013/01/09 07:16:33 | 002,354,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013/01/09 07:11:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/09 07:11:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/09 07:11:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

[2013/01/09 07:11:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2013/01/09 07:11:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/09 07:11:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/09 07:11:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/09 07:11:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2013/01/09 07:11:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

[2013/01/09 07:11:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/09 07:11:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/09 07:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2013/01/09 07:11:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

[2013/01/09 07:11:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2013/01/09 07:11:05 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs

[2013/01/09 07:11:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs

[2013/01/09 07:10:54 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs

[2013/01/09 07:10:54 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs

[2013/01/09 07:10:53 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs

[2013/01/09 07:10:53 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs

[2013/01/09 07:10:53 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs

[2013/01/09 07:10:53 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs

[2013/01/09 07:10:53 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs

[2013/01/09 07:10:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs

[2013/01/09 07:10:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs

[2013/01/09 07:10:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs

[2013/01/09 07:10:49 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs

[2013/01/09 07:10:49 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs

[2013/01/09 07:10:47 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2013/01/09 07:10:47 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll

[2013/01/09 07:10:43 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2013/01/09 07:09:48 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

[2013/01/08 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\1777777\AppData\Roaming\RealNetworks

[2013/01/06 13:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks

[2013/01/06 13:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks

[2013/01/06 13:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2013/01/06 13:35:46 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2013/01/06 13:35:34 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2013/01/06 13:35:34 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2013/01/06 10:52:16 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2013/01/06 10:52:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2012/09/04 11:07:24 | 049,792,720 | ---- | C] (Flexera Software) -- C:\Users\1777777\Maple1601WindowsUpgrade.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/23 11:36:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/23 11:35:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1236110383-577450606-326763393-19773UA.job

[2013/01/23 11:24:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/23 10:48:51 | 000,167,770 | ---- | M] () -- C:\Users\1777777\Desktop\Applicationsgrowth.jnt

[2013/01/23 10:48:07 | 000,121,370 | ---- | M] () -- C:\Users\1777777\Desktop\Topics12.jnt

[2013/01/23 10:35:44 | 000,012,432 | ---- | M] () -- C:\Users\1777777\Desktop\Topics.jnt

[2013/01/23 10:04:06 | 000,036,056 | ---- | M] () -- C:\Users\1777777\Desktop\jan18notes.jnt

[2013/01/23 10:03:37 | 000,093,514 | ---- | M] () -- C:\Users\1777777\Desktop\10.jnt

[2013/01/23 09:03:05 | 000,081,896 | ---- | M] () -- C:\Users\1777777\Desktop\jan(1).jnt

[2013/01/23 09:01:18 | 000,081,896 | ---- | M] () -- C:\Users\1777777\Desktop\jan.jnt

[2013/01/23 07:54:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\1777777\Desktop\OTL.exe

[2013/01/23 07:25:25 | 000,726,490 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/01/23 07:25:25 | 000,146,476 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/01/22 18:09:39 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/22 18:09:39 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/22 18:05:31 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/22 18:01:53 | 2548,961,280 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/22 17:35:07 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1236110383-577450606-326763393-19773Core.job

[2013/01/19 17:28:20 | 000,206,401 | ---- | M] () -- C:\Users\1777777\Desktop\Page 1.htm

[2013/01/19 17:28:13 | 000,069,242 | ---- | M] () -- C:\Users\1777777\Desktop\Page 2.htm

[2013/01/19 17:00:30 | 003,585,209 | ---- | M] () -- C:\Users\1777777\Desktop\h1.psd

[2013/01/18 16:58:31 | 000,892,104 | ---- | M] (BillP Studios) -- C:\Users\1777777\Desktop\wpsetup.exe

[2013/01/18 15:52:30 | 000,574,677 | ---- | M] () -- C:\Users\1777777\Desktop\adwcleaner.exe

[2013/01/17 11:36:55 | 001,869,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/01/17 10:26:03 | 000,001,254 | ---- | M] () -- C:\Users\1777777\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2013/01/17 10:26:03 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2013/01/17 10:25:24 | 000,001,222 | ---- | M] () -- C:\Users\1777777\Desktop\Revo Uninstaller.lnk

[2013/01/17 09:35:42 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/16 17:51:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/01/11 12:55:53 | 000,026,574 | RHS- | M] () -- C:\Users\1777777\ntuser.pol

[2013/01/06 13:52:48 | 000,001,013 | ---- | M] () -- C:\Users\1777777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/01/06 13:52:41 | 000,000,985 | ---- | M] () -- C:\Users\1777777\Desktop\Dropbox.lnk

[2013/01/06 13:35:46 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2013/01/06 13:35:34 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2013/01/06 13:35:34 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2013/01/06 13:35:33 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/23 10:37:28 | 000,121,370 | ---- | C] () -- C:\Users\1777777\Desktop\Topics12.jnt

[2013/01/23 10:35:44 | 000,012,432 | ---- | C] () -- C:\Users\1777777\Desktop\Topics.jnt

[2013/01/23 09:55:23 | 000,036,056 | ---- | C] () -- C:\Users\1777777\Desktop\jan18notes.jnt

[2013/01/23 09:54:10 | 000,167,770 | ---- | C] () -- C:\Users\1777777\Desktop\Applicationsgrowth.jnt

[2013/01/23 09:03:04 | 000,081,896 | ---- | C] () -- C:\Users\1777777\Desktop\jan(1).jnt

[2013/01/23 09:00:09 | 000,081,896 | ---- | C] () -- C:\Users\1777777\Desktop\jan.jnt

[2013/01/23 07:23:00 | 000,093,514 | ---- | C] () -- C:\Users\1777777\Desktop\10.jnt

[2013/01/19 17:28:19 | 000,206,401 | ---- | C] () -- C:\Users\1777777\Desktop\Page 1.htm

[2013/01/19 17:28:11 | 000,069,242 | ---- | C] () -- C:\Users\1777777\Desktop\Page 2.htm

[2013/01/19 17:00:28 | 003,585,209 | ---- | C] () -- C:\Users\1777777\Desktop\h1.psd

[2013/01/18 15:52:17 | 000,574,677 | ---- | C] () -- C:\Users\1777777\Desktop\adwcleaner.exe

[2013/01/17 11:35:39 | 001,869,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/01/17 10:26:03 | 000,001,254 | ---- | C] () -- C:\Users\1777777\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2013/01/17 10:26:03 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2013/01/17 10:25:24 | 000,001,222 | ---- | C] () -- C:\Users\1777777\Desktop\Revo Uninstaller.lnk

[2013/01/17 09:35:41 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/16 17:51:40 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013/01/16 17:51:27 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/01/12 12:31:27 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/12 12:31:25 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/10/15 09:58:47 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI

[2012/10/15 09:58:46 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll

[2012/10/15 09:58:46 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll

[2012/10/15 09:58:46 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll

[2012/10/15 09:58:46 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll

[2012/10/15 09:58:46 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll

[2012/10/15 09:58:46 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll

[2012/10/15 09:58:46 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll

[2012/10/15 09:58:46 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll

[2012/10/15 09:58:46 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll

[2012/10/15 09:58:46 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll

[2012/10/15 09:58:46 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll

[2012/10/15 09:58:46 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll

[2012/10/15 09:58:46 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll

[2012/10/15 09:58:46 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll

[2012/10/15 09:58:46 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll

[2012/10/15 09:58:46 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll

[2012/09/24 16:41:47 | 000,000,046 | ---- | C] () -- C:\Users\1777777\jagex_cl_runescape_LIVE.dat

[2012/09/24 16:41:47 | 000,000,001 | ---- | C] () -- C:\Users\1777777\random.dat

[2012/09/04 11:33:48 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI

[2012/09/04 11:09:00 | 000,000,129 | ---- | C] () -- C:\Users\1777777\update.bat

[2011/11/20 17:58:59 | 000,004,474 | ---- | C] () -- C:\Users\1777777\AppData\Roaming\FjMenu1.XML

[2011/10/21 17:40:57 | 000,072,302 | ---- | C] () -- C:\Users\1777777\doxyfile

[2011/09/12 15:00:15 | 000,026,574 | RHS- | C] () -- C:\Users\1777777\ntuser.pol

[2011/07/28 14:58:33 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll

[2011/07/28 14:58:33 | 000,032,256 | ---- | C] () -- C:\Windows\System32\maplec.dll

[2011/07/28 14:58:33 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll

[2011/07/28 10:27:57 | 001,760,768 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2011/07/28 10:27:57 | 000,245,760 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2011/07/28 10:27:57 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2011/07/28 10:27:57 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe

[2011/07/28 10:27:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2011/07/28 10:27:04 | 000,000,206 | ---- | C] () -- C:\Windows\hbcikrnl.ini

[2011/07/28 09:01:33 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll

[2011/07/28 07:35:20 | 000,049,791 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/07/22 15:00:40 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2011/07/22 14:41:47 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin

[2011/07/22 14:41:47 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

[2011/07/22 14:41:47 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2011/04/15 14:37:40 | 000,346,112 | ---- | C] () -- C:\Windows\System32\MSAFDLsp.dll

[2011/04/15 02:59:56 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin

[2011/04/15 02:59:54 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin

[2011/04/15 02:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll

[2011/04/15 02:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll

[2011/04/15 02:22:32 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 06:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/08/21 06:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2013/01/18 16:42:06 | 000,012,058 | ---- | M] () -- C:\AdwCleaner[R7].txt

[2013/01/22 17:59:27 | 000,012,369 | ---- | M] () -- C:\AdwCleaner[s2].txt

[2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2013/01/22 18:01:53 | 2548,961,280 | -HS- | M] () -- C:\hiberfil.sys

[2012/10/13 18:14:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2012/10/13 18:14:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013/01/22 18:02:00 | 3398,615,040 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

"NoAutoUpdate" = 0

"AUOptions" = 4

"ScheduledInstallDay" = 0

"ScheduledInstallTime" = 6

"RescheduleWaitTimeEnabled" = 1

"RescheduleWaitTime" = 3

"NoAutoRebootWithLoggedOnUsers" = 1

"DetectionFrequencyEnabled" = 1

"DetectionFrequency" = 22

"AutoInstallMinorUpdates" = 1

"RebootRelaunchTimeoutEnabled" = 1

"RebootRelaunchTimeout" = 30

"NoAUShutdownOption" = 0

"NoAUAsDefaultShutdownOption" = 1

"RebootWarningTimeoutEnabled" = 1

"RebootWarningTimeout" = 5

"IncludeRecommendedUpdates" = 1

"UseWUServer" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-01-23 18:45:29

< End of report >


Guest rokhuff

OTL Extras logfile created on: 1/23/2013 11:42:41 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\1777777\Desktop

Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.17 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 57.54% Memory free

6.33 Gb Paging File | 3.98 Gb Available in Paging File | 62.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 148.95 Gb Total Space | 61.45 Gb Free Space | 41.25% Space Free | Partition Type: NTFS

Computer Name: T-M1011 | User Name: 1777777 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

"AllowUserPrefMerge" = 1

"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

"%SYSTEMROOT%\system32\NTVDM.EXE:151.159.0.0/16:enabled:NTVDM" = %SYSTEMROOT%\system32\NTVDM.EXE:151.159.0.0/16:enabled:NTVDM -- (Microsoft Corporation)

"\\ee\mtshare\netapps\fluent.inc\fluent6.2.16\ntx86\2d_node\fl_nmpi6216.exe:151.159.0.0/16:enabled:flnmpi62162d" = \\ee\mtshare\netapps\fluent.inc\fluent6.2.16\ntx86\2d_node\fl_nmpi6216.exe:151.159.0.0/16:enabled:flnmpi62162d

"\\ee\mtshare\NetApps\FLUENT.INC\fluent6.2.16\ntx86\2ddp_node\fl_nmpi6216.exe:151.159.0.0/16:enabled:flnmpi62162dd" = \\ee\mtshare\NetApps\FLUENT.INC\fluent6.2.16\ntx86\2ddp_node\fl_nmpi6216.exe:151.159.0.0/16:enabled:flnmpi62162dd

"\\ee\mtshare\netapps\fluent.inc\fluent6.2.16\ntx86\3d_node\fl_nmpi6216.exe:151.159.0.0/16:enabled:flnmpi6216" = \\ee\mtshare\netapps\fluent.inc\fluent6.2.16\ntx86\3d_node\fl_nmpi6216.exe:151.159.0.0/16:enabled:flnmpi6216

"\\ee\mtshare\netapps\fluent.inc\fluent6.2.16\ntx86\3ddp_node\fl_nmpi6216.exe:151.159.0.0/16:enabled:flnmpi6216" = \\ee\mtshare\netapps\fluent.inc\fluent6.2.16\ntx86\3ddp_node\fl_nmpi6216.exe:151.159.0.0/16:enabled:flnmpi6216

"\\ee\mtshare\netapps\fluent.inc\fluent6.3.13\ntx86\2d_node\fl_nmpi6313.exe:151.159.0.0/16:enabled:fluent" = \\ee\mtshare\netapps\fluent.inc\fluent6.3.13\ntx86\2d_node\fl_nmpi6313.exe:151.159.0.0/16:enabled:fluent

"\\ee\mtshare\netapps\fluent.inc\fluent6.3.13\ntx86\2ddp_node\fl_nmpi6313.exe:151.159.0.0/16:enabled:fluent" = \\ee\mtshare\netapps\fluent.inc\fluent6.3.13\ntx86\2ddp_node\fl_nmpi6313.exe:151.159.0.0/16:enabled:fluent

"\\ee\mtshare\netapps\fluent.inc\fluent6.3.13\ntx86\3d_node\fl_nmpi6313.exe:151.159.0.0/16:enabled:fluent" = \\ee\mtshare\netapps\fluent.inc\fluent6.3.13\ntx86\3d_node\fl_nmpi6313.exe:151.159.0.0/16:enabled:fluent

"\\ee\mtshare\netapps\fluent.inc\fluent6.3.13\ntx86\3ddp_node\fl_nmpi6313.exe:151.159.0.0/16:enabled:fluent" = \\ee\mtshare\netapps\fluent.inc\fluent6.3.13\ntx86\3ddp_node\fl_nmpi6313.exe:151.159.0.0/16:enabled:fluent

"C:\Program Files (x86)\MPICH\mpd\bin\mpd.exe:151.159.0.0/16:enabled:mpd" = C:\Program Files (x86)\MPICH\mpd\bin\mpd.exe:151.159.0.0/16:enabled:mpd

"C:\Program Files (x86)\MPICH\mpd\bin\MPIRun.exe:151.159.0.0/16:enabled:mpirun" = C:\Program Files (x86)\MPICH\mpd\bin\MPIRun.exe:151.159.0.0/16:enabled:mpirun

"c:\program files\Altium2004 SP2\DXP.exe:151.159.0.0/16:enabled:DXP" = c:\program files\Altium2004 SP2\DXP.exe:151.159.0.0/16:enabled:DXP

"C:\Program Files\MPICH\mpd\bin\MPIRun.exe:151.159.0.0/16:enabled:mpirun" = C:\Program Files\MPICH\mpd\bin\MPIRun.exe:151.159.0.0/16:enabled:mpirun

"f:\netapps\wbalance\wbalance.exe:151.159.0.0/16:enabled:wbalance" = f:\netapps\wbalance\wbalance.exe:151.159.0.0/16:enabled:wbalance

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"AllowUserPrefMerge" = 1

"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]

"21:TCP:151.159.0.0/16:enabled:FTP Polycom" = 21:TCP:151.159.0.0/16:enabled:FTP Polycom

"2967:TCP:151.159.0.0/16:enabled:symantecAV" = 2967:TCP:151.159.0.0/16:enabled:symantecAV

"2967:UDP:151.159.0.0/16:enabled:SymantecAV" = 2967:UDP:151.159.0.0/16:enabled:SymantecAV

"38037:TCP:151.159.0.0/16:enabled:SymantecAMS" = 38037:TCP:151.159.0.0/16:enabled:SymantecAMS

"38037:UDP:151.159.0.0/16:enabled:SymantecAMS" = 38037:UDP:151.159.0.0/16:enabled:SymantecAMS

"38292:TCP:151.159.0.0/16:enabled:SymantecAMS" = 38292:TCP:151.159.0.0/16:enabled:SymantecAMS

"38292:UDP:151.159.0.0/16:enabled:SymantecAMS" = 38292:UDP:151.159.0.0/16:enabled:SymantecAMS

"38293:UDP:151.159.0.0/16:enabled:symantecAV" = 38293:UDP:151.159.0.0/16:enabled:symantecAV

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]

"AllowOutboundDestinationUnreachable" = 1

"AllowOutboundSourceQuench" = 1

"AllowRedirect" = 1

"AllowInboundEchoRequest" = 1

"AllowInboundRouterRequest" = 0

"AllowOutboundTimeExceeded" = 1

"AllowOutboundParameterProblem" = 0

"AllowInboundTimestampRequest" = 0

"AllowInboundMaskRequest" = 0

"AllowOutboundPacketTooBig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"Enabled" = 1

"RemoteAddresses" = 151.159.X.X/XX,151.159.X.X/XX

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]

"Enabled" = 1

"RemoteAddresses" = 151.159.X.X/XX,151.159.XX.X/XX

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]

"Enabled" = 1

"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{137C9132-66E7-46CD-9FC4-43F375280D26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{403CB3B8-9716-44EC-A221-DFCA50E6F152}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{66EC5AB8-B323-416F-A177-B838C7CEF204}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{822F547B-9DBB-4B68-9969-C05002A37D1E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{B4605D47-7AF3-4070-B006-3D659A3919D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B5C30E3F-9A5D-4CBF-9998-292509386431}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{BE981EFC-FE63-458B-816A-CB8EF23D30C7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{C94B8BD8-ECFE-499E-8268-1FAC4C44FE69}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{D8C179E8-EA03-4E84-9498-F78725978D77}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{F3344FC8-FBB2-4E1B-8867-1E2307C2A83F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0712AACB-26C9-4FD5-910E-6120F2D35640}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe |

"{0F95FE86-F555-493D-9588-2F4545DA6A65}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{155FD0D0-38BA-4CB7-96FE-62CDB495B6D7}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{1FA418ED-6581-4385-BBA9-E8F1EE81E7C2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |

"{21F3D41F-3A81-4E13-B8D9-A211612B43AA}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\smc.exe |

"{260B962D-5736-49BA-BA82-A386731576CE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dustforce\dustforce.exe |

"{27AA5DCA-3C14-4C72-A8E4-82FF688A51A0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\gotham city impostors f2p\impostors.exe |

"{27C46651-69E3-43BB-87E9-4A394EB903CB}" = dir=in | app=c:\program files\cyberlink\makedisc\makedisc.exe |

"{2D546166-41CD-4339-87B8-F12BCE737088}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |

"{2EBD36AE-3960-4B56-B60A-40462A4CBD99}" = protocol=6 | dir=in | app=c:\users\1777777\appdata\roaming\dropbox\bin\dropbox.exe |

"{2FE3BB9E-9257-448D-8BE2-39D20D45D072}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psychonauts.exe |

"{301FF4CB-B42E-469B-9DB5-A660520EC911}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe |

"{30ABFEC3-7F15-4D6E-B57A-A04DED2071C6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dustforce\dustforce.exe |

"{397AD4BA-7200-4055-BCCF-2D083C239C64}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |

"{3AE11D02-8523-4847-B6B4-786AE29C6572}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\edna and harvey harvey's new eyes demo\harvey.exe |

"{46C88024-B9AF-46E7-AF15-00199F401EEA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\super meat boy\supermeatboy.exe |

"{46E6052B-BFE4-4B0F-9A04-D0E7B9AFD717}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psychonauts.exe |

"{47795358-2734-4611-A56D-FA9CB532F4B2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tony hawk's pro skater hd\binaries\win32\thhdgame.exe |

"{4C4624A3-B0DA-4A4D-889B-EF990BBB21D3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\morrowind\morrowind launcher.exe |

"{4E29393B-7F95-414B-BA95-A434591A7797}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\super meat boy\supermeatboy.exe |

"{553AD7E8-9CCC-444F-B942-03D28B687C86}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{5B301244-C09C-47A2-9CBF-4DBCB9967CA5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{5BC52F8E-6255-448F-B30B-842C48510CF6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{5C445F44-E8A1-4C7F-A5BB-DC123855B3E2}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\snac.exe |

"{65A1B9A1-D40C-4787-804E-7BCF8FF851C1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bastion\bastion.exe |

"{67330469-1705-4D65-971E-B01004BA6973}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6753242A-4EF3-43C8-91B8-97F3BFD89789}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\gotham city impostors f2p\engine.exe |

"{6C29B73E-8B4D-4A69-BF8D-2B54E7B64E65}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |

"{75B90DB2-B627-4C0F-966C-800094A4F20E}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |

"{75C1817C-0C13-4FB0-8861-6E019B8E8E18}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{76D7DC68-1F9A-464B-A249-120885981EF9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |

"{7D80D092-0898-4A5D-B5A2-6AA8FFA4CC2C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tony hawk's pro skater hd\binaries\win32\thhdgame.exe |

"{7F89304E-7D5D-44F5-A8E2-0107E745B15E}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |

"{8245C0F3-F47A-47B4-BDB9-F7CFF85AFC91}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\edna and harvey harvey's new eyes demo\visionaireconfigurationtool.exe |

"{846420ED-CD02-4069-8427-DB6DBFE44ABB}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe |

"{8485B1FE-1047-46D8-9A17-91AB6102066F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{91027D14-5A23-4636-ACA5-7224444BEA94}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bastion\bastion.exe |

"{91A42119-4936-4C98-9BC7-9F3E1389D968}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{997AFBE5-3F52-4CC5-B294-C4986DA86936}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |

"{9DC1B33F-1679-4F18-B521-5620678204E4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout 2\fallout2.exe |

"{9E803EFD-ACE6-443A-AFFB-9038F3A3E960}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |

"{9EDF73B6-7557-4587-B684-0205F908260A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{A15F4631-D056-44D5-8FAB-C4FA786C7545}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\gotham city impostors f2p\impostors.exe |

"{A93751FD-4558-45BC-B74F-FB7345F43FD6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\edna and harvey harvey's new eyes demo\visionaireconfigurationtool.exe |

"{AA6472B1-7537-4A37-B79B-99D12A76E3E3}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\smc.exe |

"{AB5CF1A2-1874-49B8-BE0B-B15B0CB4D15C}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |

"{B0AB46D3-A914-42B0-B2BC-1DBF2013BC81}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout 2\fallout2.exe |

"{B90CC188-AF35-4CA3-BDDD-0C324E403D53}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe |

"{C91850D0-00CD-4C25-B2AE-11E2BB772280}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psychonauts.exe |

"{C91D47FE-921F-4F7A-8E56-AAAFC7A49FCC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\edna and harvey harvey's new eyes demo\harvey.exe |

"{DEBF0F2C-0A13-458D-AA9D-0A6C97103724}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{F32755C1-AFE6-479A-9BAF-41F154B162E0}" = protocol=17 | dir=in | app=c:\users\1777777\appdata\roaming\dropbox\bin\dropbox.exe |

"{F338C8EE-201D-4A7C-99AB-D7ECF17ECDCA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F6F5C680-187F-423E-9487-4325F6F64746}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psychonauts.exe |

"{F7FFDF9F-7CAF-4A6C-AC57-009387A35C09}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\gotham city impostors f2p\engine.exe |

"{F9EFD428-63B1-4353-8386-7FA502303AF4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |

"{FCA3C61A-3FB0-43BC-8F22-D7887AAE3494}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{FCAB8A89-958E-4530-B7DD-6222D561A5EC}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\snac.exe |

"{FEC10692-B2A9-4C6C-8932-21D517349780}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\morrowind\morrowind launcher.exe |

"TCP Query User{0917C357-C620-4C63-9266-00FAF87CB7BB}C:\users\1777777\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\1777777\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{13E14AF4-B2AA-4271-935D-A59EE88D867F}C:\program files\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 15\jre\bin\maple.exe |

"TCP Query User{3B4D4EF1-D97A-44C7-8D4B-33B7C8FEF19B}C:\users\1777777\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\1777777\appdata\roaming\spotify\spotify.exe |

"TCP Query User{4A3BEF2A-7F70-41A6-A514-03371C338D6C}C:\program files\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 15\jre\bin\maple.exe |

"TCP Query User{5FEAE34A-710D-45B2-90C4-750D95907069}C:\program files\maple 16\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 16\jre\bin\maple.exe |

"TCP Query User{6533996E-99C5-4457-8B1D-36FB309E1627}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |

"TCP Query User{6F5DEBD5-590C-4B95-8D68-377AE34B75E7}C:\users\1777777\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\1777777\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{70099F89-3D9C-49C5-A11D-C171A6B1A632}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |

"TCP Query User{F6A8ABA9-E0F6-43DA-806F-B93BE25F900D}C:\users\1777777\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\1777777\appdata\roaming\spotify\spotify.exe |

"UDP Query User{21F9A66D-BADC-4EB7-828E-A1649847B117}C:\program files\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 15\jre\bin\maple.exe |

"UDP Query User{2D1378C0-488A-4AEB-84A0-3E0FFBAECEE6}C:\users\1777777\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\1777777\appdata\roaming\spotify\spotify.exe |

"UDP Query User{5C64A159-C053-4814-9BFB-59FD5EDCC022}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |

"UDP Query User{6B3E4993-6793-4D51-9722-D67D87C0791D}C:\users\1777777\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\1777777\appdata\roaming\spotify\spotify.exe |

"UDP Query User{6CB16EC8-6E26-4641-94F6-CE5A917A2FFC}C:\program files\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 15\jre\bin\maple.exe |

"UDP Query User{7C7BB77B-DE13-471F-89C0-A8F72D866C5A}C:\users\1777777\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\1777777\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{838FD61D-51BB-4307-9F02-FD9DC7561B30}C:\users\1777777\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\1777777\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{9F9BE659-9603-497A-9C53-40D5EC8A9AC4}C:\program files\maple 16\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 16\jre\bin\maple.exe |

"UDP Query User{F60377D1-FF9A-4E18-9D6B-5EBAB930132A}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{039E0487-E1D2-4760-91B9-0F8D8C376E05}" = Anytime USB Charge Utility

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{14491F29-B753-4F9B-B410-75F5B1827D28}" = Jamestown: Legend of the Lost Colony

"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{16155BB8-8BC5-4E0B-AA41-B3A08545494D}" = O2Micro Flash Memory Card Windows Driver

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{207E8B60-07D2-4B7F-97FE-0DA448606861}" = Fujitsu Button Utilities

"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing

"{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}" = Fujitsu Display Manager

"{2CB72D13-3C04-46F2-A3B1-B63317F92B32}" = Battery Utility

"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java SE Development Kit 7 Update 2

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software

"{43C9CFE0-E1E6-46A2-A9FD-FDF348DD4EC2}" = US - Custom

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{4974E7A9-0412-4C4E-A755-C04F77A6543B}" = AuthenTec TrueSuite

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business HD

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{5A043038-3568-4F92-8151-E1EA5C711CBC}" = SolidWorks eDrawings 2012 SP04

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{5FECE3AC-7981-4E96-BAAE-CDDAC87073E4}" = SolidWorks Flow Simulation 2012 SP04

"{60508D78-C5CA-4274-B68D-DA14A986BBCD}" = Plugfree NETWORK

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8

"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects

"{77FDE44F-3564-4E90-B054-68D1A00FEB6D}" = O2Micro OZ776 SCR Driver

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK

"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{81955A9C-7132-C4E0-DCAC-723CE4068BB7}" = Dragon Age Legends

"{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)

"{83298573-A6B6-42AB-A234-FE91CA2859C0}" = Microsoft SQL Server 2008 Native Client

"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime

"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files

"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90544556-F09B-4D7A-94EA-47B486AB918C}_is1" = Instagram Downloader version 1.0

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1

"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client

"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9D60AEC3-CCBC-4DA8-9B24-DC30667DEFA0}" = Roxio MyDVD

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA94D826-6C3A-4031-B074-43411E459E5B}" = DyKnow Tablet Runtime 5.2 SP1

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{BE962181-E347-464E-AE70-276DD63A8293}" = HP Photosmart Plus B210 series Basic Device Software

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)

"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CA1A78FC-23D4-4AB6-9A5E-A694DE13758D}" = DyKnow

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU

"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU

"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DBF0825D-EB1F-4DBF-B3BB-43B09AEC7F15}" = AuthenTec WinBio FingerPrint Software

"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DDC49774-40B9-47AE-9C63-5569C08C4082}" = Pointing Device Utility

"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver

"{E08426B6-7ADC-439F-1739-EA9938651933}" = Bulkr

"{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics Add-in (32-bit)

"{E330A608-195F-4C39-8B95-9AAC2C97CD99}" = Power Saving Utility

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business HD v10

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F33CFF0E-6684-43A8-AF99-2F1191B67152}" = Shock Sensor Utility

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)

"{FA689023-0B72-4771-98A6-A1C927E58207}" = Symantec Endpoint Protection

"{FE706200-62BF-4D25-8B34-DC31189DE902}" = SolidWorks 2012 SP04

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3

"Android SDK Tools" = Android SDK Tools

"Audacity_is1" = Audacity 2.0

"Botanicula" = Botanicula

"CCleaner" = CCleaner

"Chocolate Castle" = Chocolate Castle 1.09

"com.bwsf.DragonAgeLegends" = Dragon Age Legends

"com.prakaz.project.photogettr" = Bulkr

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"DeskUpdate_is1" = DeskUpdate 4.11

"doxygen_is1" = doxygen 1.7.5.1

"F02860D720F53C6FCD75A013226E3E82F54FAB68" = Windows Driver Package - Fujitsu America, Inc. (FjBtnDrv) HIDClass (08/27/2009 4.2.0827.2009)

"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool

"HyperCam 2" = HyperCam 2

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{16155BB8-8BC5-4E0B-AA41-B3A08545494D}" = O2Micro Flash Memory Card Windows Driver

"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility

"InstallShield_{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}" = Fujitsu Display Manager

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{77FDE44F-3564-4E90-B054-68D1A00FEB6D}" = O2Micro OZ776 SCR Driver

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc

"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility

"InstallShield_{CA1A78FC-23D4-4AB6-9A5E-A694DE13758D}" = DyKnow

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{DDC49774-40B9-47AE-9C63-5569C08C4082}" = Pointing Device Utility

"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility

"InstallShield_{F33CFF0E-6684-43A8-AF99-2F1191B67152}" = Shock Sensor Utility

"ISD Tablet Driver" = ISD Tablet

"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15

"LAME_is1" = LAME v3.99.3 (for Windows)

"LastFM_is1" = Last.fm 1.5.4.27091

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Maple 15" = Maple 15

"Maple 16" = Maple 16

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU

"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"OpenAL" = OpenAL

"pepakura_designer3en" = Pepakura Designer 3

"pepakura_viewer3en" = Pepakura Viewer 3

"PROSet" = Intel® Network Connections Drivers

"PSpice Student" = PSpice Student 9.1

"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener

"RealPlayer 16.0" = RealPlayer

"Revo Uninstaller" = Revo Uninstaller 1.94

"RocketDock_is1" = RocketDock 1.3.5

"Runic Games Torchlight" = Torchlight

"Sideload Wonder Machine1.2" = Sideload Wonder Machine

"Slay_is1" = Slay 5.0

"SolidWorks Installation Manager 20120-40400-1100-200" = SolidWorks 2012 SP04

"Steam App 206210" = Gotham City Impostors: Free To Play

"Steam App 221660" = Edna & Harvey: Harvey's New Eyes Demo

"Steam App 22320" = The Elder Scrolls III: Morrowind

"Steam App 38410" = Fallout 2

"Steam App 40800" = Super Meat Boy

"Steam App 40810" = Super Meat Boy Editor

"Steam App 440" = Team Fortress 2

"Steam App 4560" = Company of Heroes

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Voxatron" = Voxatron 0.1.3

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Zen Puzzle garden" = Zen Puzzle garden 1.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Cook, Serve, Delicious!" = Cook, Serve, Delicious!

"Dropbox" = Dropbox

"Flux" = F.lux

"Google Chrome" = Google Chrome

"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/20/2012 10:57:12 AM | Computer Name = T-M1011.MT.local | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 27955457

Error - 10/20/2012 10:57:12 AM | Computer Name = T-M1011.MT.local | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 27955457

Error - 10/20/2012 11:38:18 AM | Computer Name = T-M1011.MT.local | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\AuthenTec

TrueSuite\x64\AppLogonShell.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/20/2012 11:39:42 AM | Computer Name = T-M1011.MT.local | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\Fingerprint

Sensor\Drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/20/2012 12:28:59 PM | Computer Name = T-M1011.MT.local | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe

by: SONAR scan. Action: Leave Alone succeeded. Action Description: The file was

left unchanged.

Error - 10/20/2012 6:15:18 PM | Computer Name = T-M1011.MT.local | Source = WinMgmt | ID = 10

Description =

Error - 10/20/2012 7:25:58 PM | Computer Name = T-M1011.MT.local | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe

by: SONAR scan. Action: Leave Alone succeeded. Action Description: The file was

left unchanged.

Error - 10/20/2012 8:35:23 PM | Computer Name = T-M1011.MT.local | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe

by: SONAR scan. Action: Leave Alone succeeded. Action Description: The file was

left unchanged.

Error - 10/20/2012 8:35:27 PM | Computer Name = T-M1011.MT.local | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe

by: SONAR scan. Action: Leave Alone succeeded. Action Description: The file was

left unchanged.

Error - 10/20/2012 8:44:28 PM | Computer Name = T-M1011.MT.local | Source = WinMgmt | ID = 10

Description =

Error - 10/20/2012 8:46:52 PM | Computer Name = T-M1011.MT.local | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Hosts File Change in File: c:\program files\intel\intel®

management engine components\uns\uns.exe by: SONAR scan. Action: Leave Alone succeeded.

Action Description: The file was left unchanged.

[ System Events ]

Error - 1/22/2013 9:02:17 PM | Computer Name = T-M1011.MT.local | Source = Microsoft-Windows-GroupPolicy | ID = 1055

Description = The processing of Group Policy failed. Windows could not resolve the

computer name. This could be caused by one of more of the following: a) Name Resolution

failure on the current domain controller. b) Active Directory Replication Latency

(an account created on another domain controller has not replicated to the current

domain controller).

Error - 1/22/2013 9:02:33 PM | Computer Name = T-M1011.MT.local | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 1/22/2013 9:05:16 PM | Computer Name = T-M1011.MT.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 1/22/2013 9:05:42 PM | Computer Name = T-M1011.MT.local | Source = WMPNetworkSvc | ID = 866300

Description =

Error - 1/22/2013 10:34:21 PM | Computer Name = T-M1011.MT.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 1/23/2013 2:24:51 PM | Computer Name = T-M1011.MT.local | Source = WMPNetworkSvc | ID = 866300

Description =

Error - 1/23/2013 2:25:45 PM | Computer Name = T-M1011.MT.local | Source = WMPNetworkSvc | ID = 866300

Description =

Error - 1/23/2013 2:31:39 PM | Computer Name = T-M1011.MT.local | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain MT due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 1/23/2013 2:31:39 PM | Computer Name = T-M1011.MT.local | Source = Microsoft-Windows-GroupPolicy | ID = 1055

Description = The processing of Group Policy failed. Windows could not resolve the

computer name. This could be caused by one of more of the following: a) Name Resolution

failure on the current domain controller. b) Active Directory Replication Latency

(an account created on another domain controller has not replicated to the current

domain controller).

Error - 1/23/2013 2:49:43 PM | Computer Name = T-M1011.MT.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

< End of report >


Good afternoon rokhuff,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
    IE - HKLM\..\SearchScopes\%EasyLifeSearch_IESearchEngineGuid%: "URL" = http://search.easyli...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
    IE - HKCU\..\SearchScopes\%EasyLifeSearch_IESearchEngineGuid%: "URL" = http://search.easyli...q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "EasyLife"
    FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
    FF - prefs.js..browser.search.defaulturl: "http://search.easylifeapp.com/?q="
    FF - prefs.js..browser.search.order.1: "EasyLife"
    FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
    FF - prefs.js..browser.search.selectedEngine: "EasyLife"
    FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
    FF - prefs.js..browser.startup.homepage: "http://search.easylifeapp.com/"
    FF - prefs.js..extensions.enabledAddons: websitelogon@truesuite.com:5.0
    FF - prefs.js..keyword.URL: "http://search.easylifeapp.com/?q="
    [2013/01/17 11:30:06 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\1777777\AppData\Roaming\mozilla\Firefox\Profiles\qnrgc02l.default\extensions\50f74d5d8e5a0@50f74d5d8e5d9.com
    [2013/01/16 17:39:07 | 000,000,493 | ---- | M] () -- C:\Users\1777777\AppData\Roaming\mozilla\firefox\profiles\qnrgc02l.default\searchplugins\EasyLife.xml
    [2011/08/09 13:53:01 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files\Mozilla Firefox\extensions\websitelogon@truesuite.com
    CHR - homepage: http://search.easylifeapp.com/
    CHR - homepage: http://search.easylifeapp.com/
    O15 - HKLM\..Trusted Domains: google.com ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: mt.local ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: google.com ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: mt.local ([]* in Local intranet)
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

How is your computer currently running?


Guest rokhuff

Hey Dark Knight,

Computer is running good, maybe a bit on the sluggish side. One thing that concerned me today: WinPatrol notified me that about 10 programs that run on start up had crashed or quit. I don't know if this was due to normal computer activity or other things.

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.

Prefs.js: "EasyLife" removed from browser.search.defaultenginename

Prefs.js: S", "EasyLife" removed from browser.search.defaultenginename,S

Prefs.js: "http://search.easylifeapp.com/?q=" removed from browser.search.defaulturl

Prefs.js: "EasyLife" removed from browser.search.order.1

Prefs.js: S", "EasyLife" removed from browser.search.order.1,S

Prefs.js: "EasyLife" removed from browser.search.selectedEngine

Prefs.js: S", "EasyLife" removed from browser.search.selectedEngine,S

Prefs.js: "http://search.easylifeapp.com/" removed from browser.startup.homepage

Prefs.js: websitelogon@truesuite.com:5.0 removed from extensions.enabledAddons

Prefs.js: "http://search.easylifeapp.com/?q=" removed from keyword.URL

Folder C:\Users\1777777\AppData\Roaming\mozilla\Firefox\Profiles\qnrgc02l.default\extensions\50f74d5d8e5a0@50f74d5d8e5d9.com\ not found.

File C:\Users\1777777\AppData\Roaming\mozilla\firefox\profiles\qnrgc02l.default\searchplugins\EasyLife.xml not found.

C:\Program Files\Mozilla Firefox\extensions\websitelogon@truesuite.com\components folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\websitelogon@truesuite.com\chrome\skin folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\websitelogon@truesuite.com\chrome\content folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\websitelogon@truesuite.com\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\websitelogon@truesuite.com folder moved successfully.

Use Chrome's Settings page to change the HomePage.

Use Chrome's Settings page to change the HomePage.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt.local\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt.local\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: 1777777

->Temp folder emptied: 17788348 bytes

->Temporary Internet Files folder emptied: 7926964 bytes

->Java cache emptied: 22883940 bytes

->FireFox cache emptied: 59312150 bytes

->Google Chrome cache emptied: 48568284 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 58407 bytes

User: Admin

->Temp folder emptied: 49208 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

User: All Users

User: bobrien_adm

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 5159312 bytes

->Java cache emptied: 2027 bytes

->FireFox cache emptied: 10423286 bytes

->Flash cache emptied: 456 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 140984 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 165.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01242013_175939

Files\Folders moved on Reboot...

C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

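An added example, not part of the original posts and not OTL's own code: a small Python triage of the fix log above that separates items that were applied from targets that were not found or that need a manual step. The outcome patterns are assumptions taken from the wording of the log lines in this thread, and the sample is a few of those lines copied inline.

```python
import re
from collections import defaultdict

# Outcome patterns (assumed from the wording of the fix log quoted in this thread).
OUTCOMES = [
    ("applied", re.compile(r"value set successfully!|(moved|deleted) successfully\.|\bremoved from\b")),
    ("not_found", re.compile(r"\bnot found\.$")),
    ("manual", re.compile(r"^Use .+ to change ")),
]

def classify(line):
    """Return the outcome label for one fix-log line, or None for headers and other lines."""
    line = line.strip()
    for label, pattern in OUTCOMES:
        if pattern.search(line):
            return label
    return None

def triage(log_text):
    """Group fix-log lines by outcome label."""
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        label = classify(raw)
        if label:
            groups[label].append(raw.strip())
    return dict(groups)

def follow_up(log_text):
    """Lines worth re-checking by hand: targets not found, or steps the tool left to the user."""
    groups = triage(log_text)
    return groups.get("not_found", []) + groups.get("manual", [])

# Sample input: lines copied from the fix log in the post above.
SAMPLE = r"""
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Prefs.js: "EasyLife" removed from browser.search.defaultenginename
File C:\Users\1777777\AppData\Roaming\mozilla\firefox\profiles\qnrgc02l.default\searchplugins\EasyLife.xml not found.
C:\Program Files\Mozilla Firefox\extensions\websitelogon@truesuite.com folder moved successfully.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\ deleted successfully.
"""

if __name__ == "__main__":
    for item in follow_up(SAMPLE):
        print("re-check:", item)
```

On the sample, the items returned for follow-up are the SearchScopes key, the EasyLife.xml search plugin, and the Chrome homepage, which the tool leaves to Chrome's Settings page.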

Hey rokhuff,

Hard to say what might have caused those crashes.

I would like you to try ComboFix please. If Symantec still won't stay disabled, you may have to uninstall it. I know that is an inconvenience but ComboFix is extremely good at finding a lot of the malware out there these days.


Guest rokhuff

Okay, I'll try ComboFix but I have one question: If I run ComboFix and Symantec isn't fully disabled, will it cause serious harm to my PC? Like worst case scenario what would happen? Say I disable it, ComboFix warns me that Symantec isn't disabled but I run it anyway, would it brick my computer?


This topic is now closed to further replies.