Jump to content

roadtoy

Members
  • Posts

    12
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi Maniac, I've run OTL by clicking the Cleanup button as recommended. When I went to delete the resetteatimer program I realized I didn't end up running it because the link you'd provided had been changed. I'd intended on mentioning that, but in my haste forgot. Is there anything else I should do ? If not, I'll begin using the laptop and will see how it performs. Thank you for your help.
  2. okay, thank you. Is there anything else I should do further ?
  3. Thankyou for the Response Maniac. I had a look at the link you provided and it certainly makes me nervous. According to the link you posted, it says that the BCMinner could create a backdoor to the system. Is there any way to know if a backdoor was created ? If BCMinner has been removed, does that mean that if there was a backdoor created, that it's effectively closed ?
  4. Phew !! That's great to know. Another question, your first response when I created this post was to indicate that backdoor Trojans may compromise the security of the computer. Was that the case here ? When I'd run a norton scan, it had called the virus by a different name so I'm curious as to what was actually on the computer..
  5. It had simply said.. "files infected", it then said it was restoring from restore point and than began deleting the files indicated in the log.
  6. Hi Maniac, I'm not sure. I have been staying off the laptop for fear of causing problems with having this thing removed. I simply ran combofix this time around and did notice a message come up indicating that the system was infected. Does everything look good according to the logs ? Would I be safe to reconnect to the network ?
  7. Hello, thank you for your continued assistance. I disabled Symantec Enpoint as per the instructions on the site (Right mouse button, and selecting the disable protection option) however combofix indicated it was running. Combofix still ran, so hopefully the necessary symantec components had been disabled. Below is the combofix log ComboFix 12-06-26.02 - PaArCA 06/27/2012 7:09.1.4 - x64 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8075.5459 [GMT -4:00] Running from: c:\users\paarca\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\5849\AddOnDownloaded\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc.dll c:\programdata\PCDr\5849\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll c:\programdata\PCDr\5849\AddOnDownloaded\283cdc40-c633-4749-b3ad-8eb5e8b11b5c.dll c:\programdata\PCDr\5849\AddOnDownloaded\434b795d-fe06-4495-801e-fa92d93babbc.dll c:\programdata\PCDr\5849\AddOnDownloaded\4506fabd-988f-4627-a1de-44b2f1093b08.dll c:\programdata\PCDr\5849\AddOnDownloaded\54874b0a-fb04-44ef-ad2b-c957aafea033.dll c:\programdata\PCDr\5849\AddOnDownloaded\562ad818-216b-4d77-8b40-834630104d2c.dll c:\programdata\PCDr\5849\AddOnDownloaded\60e1ddc2-8de1-4bd0-8e65-4c3d56791c8e.dll c:\programdata\PCDr\5849\AddOnDownloaded\746b3523-df66-4ed9-beaa-88464b84933f.dll c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll c:\programdata\PCDr\5849\AddOnDownloaded\83db0f34-4452-4946-92c2-31dcd99767dd.dll c:\programdata\PCDr\5849\AddOnDownloaded\90110d4d-0aa3-42f8-b48a-92aebd9d59f3.dll c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll c:\programdata\PCDr\5849\AddOnDownloaded\b34a10f6-a592-424f-af97-b051783f9dd2.dll c:\programdata\PCDr\5849\AddOnDownloaded\b52e5bed-821a-41fc-9d4b-24d443ee0ad9.dll c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll c:\programdata\PCDr\5849\AddOnDownloaded\bead45d2-b2dc-44e3-94f8-c7de6979be60.dll c:\programdata\PCDr\5849\AddOnDownloaded\d754c4cc-ae68-4d17-afb7-55002296e1e2.dll c:\programdata\PCDr\5849\AddOnDownloaded\ec6735a3-9204-4734-bb0f-5859e58b13b2.dll c:\programdata\PCDr\5849\AddOnDownloaded\f1d18230-9731-47f0-b9f4-b537abcbb39c.dll c:\programdata\PCDr\5849\AddOnDownloaded\f45a4f6c-32c1-48c0-9ee9-e840f397e395.dll c:\programdata\PCDr\5849\AddOnDownloaded\f64109b2-74cc-4638-ae17-228b7886774b.dll c:\programdata\PCDr\5849\AddOnDownloaded\fd85aea7-408e-4ff8-bdca-73b1320e8b27.dll c:\programdata\Roaming c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\system32\drivers\etc\hosts.ics c:\windows\SysWow64\zip32.dll . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 ))))))))))))))))))))))))))))))) . . 2012-06-27 11:22 . 2012-06-27 11:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-27 11:22 . 2012-06-27 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-27 11:22 . 2012-06-27 11:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-06-26 22:09 . 2012-06-26 22:09 -------- d-----w- C:\_OTL 2012-06-26 19:52 . 2012-06-26 20:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-06-26 19:52 . 2012-06-26 19:56 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-06-26 19:02 . 2012-06-26 19:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes 2012-06-26 19:02 . 2012-06-26 19:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com 2012-06-26 18:54 . 2012-06-26 18:54 -------- d-----w- c:\users\paarca\AppData\Roaming\SUPERAntiSpyware.com 2012-06-26 18:54 . 2012-06-26 18:54 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-26 18:54 . 2012-06-26 18:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-26 18:26 . 2012-06-26 18:26 -------- d-----w- c:\users\paarca\AppData\Roaming\Malwarebytes 2012-06-26 18:26 . 2012-06-26 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-26 18:26 . 2012-06-26 18:26 -------- d-----w- c:\programdata\Malwarebytes 2012-06-26 18:26 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-21 13:25 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-21 13:25 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-21 13:25 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-21 13:21 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-21 13:21 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-21 13:21 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-21 13:21 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-21 13:20 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2012-06-21 13:20 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-06 18:03 . 2012-06-06 18:03 -------- d-----r- c:\users\paarca\AppData\Roaming\Brother 2012-06-06 16:37 . 2011-12-27 01:10 40248 ----a-w- c:\windows\system32\drivers\psadd.sys 2012-06-06 16:21 . 2012-06-26 22:07 -------- d-----w- c:\programdata\PCDr 2012-06-06 16:21 . 2012-06-06 16:21 -------- d-----w- c:\programdata\PC-Doctor for Windows 2012-06-06 16:21 . 2012-06-06 16:21 -------- d-----w- c:\program files\PC-Doctor 2012-06-06 16:19 . 2012-06-06 16:22 -------- d-----w- c:\users\paarca\AppData\Roaming\Update 2012-06-06 16:19 . 2012-06-06 16:36 -------- d-----w- c:\users\paarca\AppData\Roaming\PCDr 2012-06-06 13:33 . 2012-06-07 13:08 -------- d-----w- c:\users\paarca\AppData\Roaming\Skype 2012-06-06 13:33 . 2012-06-06 13:33 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-06-06 13:33 . 2012-06-06 13:33 -------- d-----r- c:\program files (x86)\Skype 2012-06-06 13:33 . 2012-06-06 13:33 -------- d-----w- c:\programdata\Skype 2012-06-05 11:56 . 2012-06-05 11:57 -------- d-----w- c:\users\paarca\AppData\Roaming\ControlCenter4 2012-06-05 11:56 . 2012-06-05 11:56 -------- d-----w- c:\users\paarca\AppData\Roaming\FLEXnet 2012-06-04 18:51 . 2012-06-04 18:51 -------- d-----w- C:\Brother 2012-06-04 18:51 . 2012-06-04 18:51 -------- d-----w- c:\program files (x86)\Browny02 2012-06-04 18:51 . 2012-06-04 18:51 -------- d-----w- c:\programdata\ControlCenter4 2012-06-04 18:51 . 2012-06-04 18:51 -------- d-----w- c:\program files (x86)\ControlCenter4 2012-06-04 18:51 . 2009-12-08 20:19 290304 ------w- c:\windows\system32\BrfxDA5c.dll 2012-06-04 18:51 . 2010-09-23 08:14 58880 ------r- c:\windows\system32\BrWiaNCp.dll 2012-06-04 18:50 . 2011-04-07 23:04 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll 2012-06-04 18:50 . 2011-04-05 19:57 241664 ------w- c:\windows\SysWow64\NSSearch.dll 2012-06-04 18:50 . 2010-03-15 23:45 73728 ------w- c:\windows\SysWow64\BrDctF2.dll 2012-06-04 18:50 . 2007-12-14 02:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll 2012-06-04 18:47 . 2012-06-04 18:47 -------- d-----w- c:\program files\Nuance 2012-06-04 18:47 . 2012-06-04 18:47 -------- d-----w- c:\programdata\zeon 2012-06-04 18:46 . 2012-06-04 18:46 -------- d-----w- c:\users\paarca\AppData\Roaming\Nuance 2012-06-04 18:46 . 2012-06-04 18:46 -------- d-----w- c:\programdata\ScanSoft 2012-06-04 18:45 . 2012-06-04 22:53 -------- d-----w- c:\programdata\Nuance 2012-06-04 18:45 . 2012-06-04 18:47 -------- d-----w- c:\program files (x86)\Nuance 2012-06-04 18:45 . 2012-06-04 18:45 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared 2012-06-04 18:45 . 2012-06-04 18:45 -------- d-----w- c:\programdata\FLEXnet 2012-06-04 18:44 . 2012-06-04 18:44 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-06-04 18:44 . 2012-06-04 18:52 -------- d-----w- c:\programdata\Brother 2012-06-04 18:40 . 2012-06-04 18:40 -------- d-----w- c:\users\paarca\AppData\Local\LogMeIn 2012-06-04 18:40 . 2012-06-04 18:40 -------- d-----w- c:\programdata\LogMeIn 2012-05-31 17:33 . 2012-05-31 17:33 -------- d-----w- c:\users\paarca\Logitech 2012-05-31 17:33 . 2012-05-31 17:33 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common 2012-05-31 17:33 . 2012-05-31 17:33 -------- d-----w- c:\program files (x86)\Logitech 2012-05-31 17:33 . 2012-05-31 17:33 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver 2012-05-31 17:33 . 2006-02-07 19:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2012-05-31 17:33 . 2006-02-07 19:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2012-05-31 17:33 . 2006-02-07 19:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2012-05-31 17:33 . 2006-02-07 19:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2012-05-31 17:33 . 2006-02-07 19:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2012-05-31 17:33 . 2006-02-07 19:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2012-05-31 17:33 . 2005-11-14 03:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2012-05-31 17:32 . 2012-05-31 17:32 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2012-05-31 17:32 . 2012-05-31 17:32 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2012-05-31 17:32 . 2012-05-31 17:32 -------- d-----w- c:\users\paarca\AppData\Roaming\InstallShield . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 22:37 . 2012-04-11 12:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-23 22:37 . 2012-03-10 04:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-29 14:05 . 2012-03-09 18:17 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-04-11 20:59 . 2012-04-11 20:59 8592 ----a-w- c:\windows\SysWow64\ractrlkeyhook.dll 2012-03-30 11:35 . 2012-05-14 20:56 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-11-28 115624] "AeXAgentLogon"="c:\program files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe" [2011-03-24 228696] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-05-16 12098648] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-01-23 1631808] "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368] "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984] "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192] "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752] "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\paarca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GoZone iSync.lnk - c:\program files (x86)\GoZone\GoZone_iSync.exe [2012-3-22 431608] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2010-01-04 23:40 17272 ----a-w- c:\windows\System32\PCANotify.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\Altiris\Dagent\dagent.exe [2010-03-22 1960784] R3 AltirisAgentProvider;AltirisAgentProvider;c:\program files (x86)\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [2011-03-24 620376] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-19 71168] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-23 478056] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1255736] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-01-23 31344] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-08-13 27240] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600] S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [2008-03-13 30720] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2011-11-28 53880] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-13 2214504] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672] S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888] S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-12 379496] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 166016] S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-17 437288] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-17 39976] S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2008-03-14 5632] S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-01-11 360624] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-18 56344] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPSDRV . Contents of the 'Scheduled Tasks' folder . 2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:37] . 2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-842925246-41061Core.job - c:\users\paarca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 18:08] . 2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-842925246-41061UA.job - c:\users\paarca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 18:08] . 2012-06-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . 2012-06-26 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DagentUI"="c:\program files\Altiris\Dagent\dagentui.exe" [2010-03-22 847184] "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832] "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024] "ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408] "TpShocks"="TpShocks.exe" [2011-03-29 380776] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344] "DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2011-10-14 298960] "combofix"="c:\combofix\CF11837.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://wis.ifsworld.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm LSP: %SystemRoot%\system32\vsocklib.dll TCP: DhcpNameServer = 192.168.1.1 DPF: {25988E0B-4429-4A73-A2B5-7153A68155C7} - hxxp://lcs.corpnet.ifsworld.com/login/secured/docmaw/IFSCliMgrOCX.CAB DPF: {C2F79C99-53F3-42ED-9DD5-5357214ADDD1} - hxxp://lcs.corpnet.ifsworld.com/login/secured/docmaw/IFSDropArea.CAB . - - - - ORPHANS REMOVED - - - - . Notify-igfxcui - (no file) Notify-psfus - (no file) SafeBoot-Symantec Antvirus HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Communications] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\NS Client] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe c:\program files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe c:\windows\SysWOW64\SAsrv.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\SysWOW64\vmnat.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe c:\program files (x86)\VMware\VMware Player\vmware-authd.exe c:\program files (x86)\Citrix\ICA Client\ssonsvr.exe c:\progra~1\Lenovo\Zoom\TPSCREX.EXE c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\ControlCenter4\BrCtrlCntr.exe c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe c:\program files (x86)\ControlCenter4\BrCcUxSys.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Lenovo\System Update\SUService.exe c:\program files (x86)\Microsoft Lync\UcMapi.exe . ************************************************************************** . Completion time: 2012-06-27 07:52:11 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-27 11:52 . Pre-Run: 233,240,293,376 bytes free Post-Run: 232,926,842,880 bytes free . - - End Of File - - 3D054C4B79128301D47A052947C1C6F4
  8. Sure, below is the Malwarebytes Log. Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.26.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 PaArCA :: PAARCA2 [administrator] Protection: Enabled 6/26/2012 7:43:45 PM mbam-log-2012-06-26 (19-43-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 253207 Time elapsed: 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. Thank you very much for the response. Below is the log from OTL. Malwarebytes came back reporting that no malicious items were detected. Previously it had come back indicating the presence of the Trojan.dropper.BCminer. All processes killed ========== OTL ========== C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000008.@ moved successfully. File C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000032.@ not found. C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\L\00000004.@ moved successfully. C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000064.@ moved successfully. C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000004.@ moved successfully. C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\000000cb.@ moved successfully. C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@ moved successfully. C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@ moved successfully. ========== FILES ========== C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U folder moved successfully. C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} scheduled to be moved on reboot. C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U folder moved successfully. C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\L folder moved successfully. C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\paarca\Desktop\cmd.bat deleted successfully. C:\Users\paarca\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 2533 bytes ->Temporary Internet Files folder emptied: 170903 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 147657 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: paarca ->Temp folder emptied: 38202186 bytes ->Temporary Internet Files folder emptied: 146463497 bytes ->Java cache emptied: 165700 bytes ->Google Chrome cache emptied: 293015846 bytes ->Flash cache emptied: 13067 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 147657 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 3051936 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 11618 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 83503 bytes RecycleBin emptied: 138137410 bytes Total Files Cleaned = 591.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.53.0 log created on 06262012_180957 Files\Folders moved on Reboot... C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U folder moved successfully. C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} folder moved successfully. C:\Users\paarca\AppData\Local\Temp\ExchangePerflog_8484fa31e1d6f18fcfcccd43.dat moved successfully. C:\Users\paarca\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\paarca\AppData\Local\Temp\VGX97DB.tmp moved successfully. File\Folder C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3D1E52FC-A4EB-4975-A731-E9D87A04486F}.tmp not found! C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{70ED3C57-BE43-43E0-82F1-907E7222A4A1}.tmp moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C0660F1C-FC3B-40B5-940B-CCD2592564C2}.tmp moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D425AE81-6372-4235-A449-E6093CB1C20F}.tmp moved successfully. File\Folder C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31B0A15B.png not found! File\Folder C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F231A42.png not found! File\Folder C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\785A1F14.png not found! File\Folder C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DE98C05.gif not found! C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOSEV2TH\apple[1].xml moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T50FFY5D\fastbutton[1].htm moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T50FFY5D\index[1].htm moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZIA07EY\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZIA07EY\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONS8KQLU\index[2].htm moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E69JR0FV\fastbutton[1].htm moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TFVEUV3\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TFVEUV3\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QA8G40E\index[1].htm moved successfully. File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot. C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2964.log moved successfully. File\Folder C:\Windows\temp\etilqs_8Uu6sVPRXVmk9CXl8o9A not found! File\Folder C:\Windows\temp\etilqs_8Uu6sVPRXVmk9CXl8o9A-journal not found! PendingFileRenameOperations files... File C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} not found! File C:\Users\paarca\AppData\Local\Temp\ExchangePerflog_8484fa31e1d6f18fcfcccd43.dat not found! File C:\Users\paarca\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Users\paarca\AppData\Local\Temp\VGX97DB.tmp not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3D1E52FC-A4EB-4975-A731-E9D87A04486F}.tmp not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{70ED3C57-BE43-43E0-82F1-907E7222A4A1}.tmp not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C0660F1C-FC3B-40B5-940B-CCD2592564C2}.tmp not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D425AE81-6372-4235-A449-E6093CB1C20F}.tmp not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31B0A15B.png not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F231A42.png not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\785A1F14.png not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DE98C05.gif not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOSEV2TH\apple[1].xml not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T50FFY5D\fastbutton[1].htm not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T50FFY5D\index[1].htm not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZIA07EY\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZIA07EY\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONS8KQLU\index[2].htm not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E69JR0FV\fastbutton[1].htm not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TFVEUV3\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TFVEUV3\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found! File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QA8G40E\index[1].htm not found! [2012/06/26 18:14:53 | 000,003,600 | ---- | M] () C:\Windows\temp\vmware-SYSTEM\vmauthd.log : Unable to obtain MD5 File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2964.log not found! File C:\Windows\temp\etilqs_8Uu6sVPRXVmk9CXl8o9A not found! File C:\Windows\temp\etilqs_8Uu6sVPRXVmk9CXl8o9A-journal not found! Registry entries deleted on Reboot...
  10. Extras.txt file OTL Extras logfile created on: 6/26/2012 4:08:04 PM - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\paarca\Desktop 64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.89 Gb Total Physical Memory | 4.33 Gb Available Physical Memory | 54.93% Memory free 15.77 Gb Paging File | 11.55 Gb Available in Paging File | 73.25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 461.48 Gb Total Space | 216.88 Gb Free Space | 47.00% Space Free | Partition Type: NTFS Drive E: | 29.84 Gb Total Space | 22.02 Gb Free Space | 73.79% Space Free | Partition Type: FAT32 Drive F: | 36.24 Gb Total Space | 30.55 Gb Free Space | 84.29% Space Free | Partition Type: NTFS Drive H: | 250.00 Mb Total Space | 172.16 Mb Free Space | 68.86% Space Free | Partition Type: NTFS Drive Z: | 36.24 Gb Total Space | 30.55 Gb Free Space | 84.29% Space Free | Partition Type: NTFS Computer Name: PAARCA2 | User Name: PAARCA | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java 6 Update 30 (64-bit) "{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{5C8BE867-CC84-452B-940C-1C18200277E5}" = Symantec Endpoint Protection "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6C8D5E56-CA12-42B2-9075-044B4C7067A9}" = Altiris Deployment Agent "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.93 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.93 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.93 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.3.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C2938C94-239C-4156-B245-C5406A4F3E93}" = ThinkVantage Fingerprint Software "{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel® PROSet/Wireless WiFi Software "{D7C307E7-96A7-4BEE-ACF8-D795007E7C16}" = 64 Bit HP CIO Components Installer "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "OnScreenDisplay" = On Screen Display "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "PROSet" = Intel® Network Connections Drivers "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{09A0A854-9965-44BE-944B-302C0658948D}" = 2c8 Modeling Tool 3.4.3 "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web) "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1A3F6AD7-7A95-439B-BF54-F418C7CC6380}" = WebEx Recorder and Player "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{510AC73B-6F0C-4FE7-9E51-D3E8E8DB6D76}" = HyperSnapDX 4.40.01 "{52F2FB99-3D3E-49dd-9C75-79ACFC719D80}" = Altiris Inventory Agent "{54C6FCC1-8C36-4E08-B598-700CAE3489FE}" = Network Recording Player "{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB) "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{6299A847-7034-4349-87BA-2BA6B859C44E}" = Software Management Solution Agent "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7C84DDDF-DEC9-4E02-8222-D86E73531CEB}" = Citrix online plug-in (SSON) "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{10E9AEF7-936C-4FDF-B571-D5E598C34865}" = "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJSTD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJSTD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJSTD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJSTD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJSTD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJSTD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2010 "{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{6CD66326-6B89-4EBD-B0E1-1406294768D1}" = "{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJSTD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 "{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJSTD_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJSTD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJSTD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN "{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J435W "{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}" = Citrix online plug-in (PNA) "{BD52ED7E-9843-45E6-99E8-7C5F79A1AAF9}" = Symantec_pcAnywhere_plugin_installer "{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel® Identity Protection Technology 1.0.74.0 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1 "{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV) "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player "{E4911AE6-7BE8-4FDE-AB49-331A651DDA05}" = ShoreTel Communicator "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "CitrixOnlinePluginFull" = Citrix online plug-in "GoZone iSync" = GoZone iSync "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PRJSTD" = Microsoft Project Standard 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Palringo" = Palringo "ProInst" = Intel PROSet Wireless "TreeSize Free_is1" = TreeSize Free V2.2.1 "VLC media player" = VLC media player 2.0.0 "VMware_Player" = VMware Player "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-307452153-794781224-267960510-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0 Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0 Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0 Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0 Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0 Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0 Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Skipping: Eap method DLL path validation failed. Error: typeId=88, authorId=0, vendorId=0, vendorType=0 Error - 6/14/2012 12:36:21 PM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = PC-Doctor | ID = 1 Description = (5096) Asapi: (12:36:21:2610)(5096) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium Error - 6/15/2012 9:56:49 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = dwmrcs | ID = 110 Description = Error: DameWare Mini Remote Control Error setsockopt (IP_ADD_MEMBERSHIP) System Error: 10065 System Message: A socket operation was attempted to an unreachable host. (srv 64 bit) Error - 6/15/2012 9:57:33 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = dwmrcs | ID = 110 Description = Error: DameWare Mini Remote Control Error setsockopt (IP_DROP_MEMBERSHIP) System Error: 10049 System Message: The requested address is not valid in its context. (srv 64 bit) [ System Events ] Error - 6/10/2012 3:33:57 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain CORPNET due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 6/10/2012 7:35:48 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain CORPNET due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 6/10/2012 11:37:39 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain CORPNET due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 6/10/2012 3:39:29 PM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain CORPNET due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 6/10/2012 7:41:20 PM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain CORPNET due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 6/10/2012 11:01:22 PM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 6/10/2012 11:43:04 PM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain CORPNET due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 6/11/2012 12:31:38 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 6/11/2012 3:44:55 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain CORPNET due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 6/11/2012 7:46:41 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain CORPNET due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. < End of report >
  11. attached are the contents of the files. One hiccup... i ran this a few times, however only only had the extras.txt file created on the first execution. OTL logfile created on: 6/26/2012 4:48:45 PM - Run 3 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\paarca\Desktop 64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.89 Gb Total Physical Memory | 3.55 Gb Available Physical Memory | 45.02% Memory free 15.77 Gb Paging File | 11.59 Gb Available in Paging File | 73.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 461.48 Gb Total Space | 216.81 Gb Free Space | 46.98% Space Free | Partition Type: NTFS Drive E: | 29.84 Gb Total Space | 22.02 Gb Free Space | 73.79% Space Free | Partition Type: FAT32 Drive F: | 36.24 Gb Total Space | 30.55 Gb Free Space | 84.29% Space Free | Partition Type: NTFS Drive H: | 250.00 Mb Total Space | 172.16 Mb Free Space | 68.86% Space Free | Partition Type: NTFS Drive Z: | 36.24 Gb Total Space | 30.55 Gb Free Space | 84.29% Space Free | Partition Type: NTFS Computer Name: PAARCA2 | User Name: PAARCA | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/26 16:07:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\paarca\Desktop\OTL.exe PRC - [2012/05/16 16:02:34 | 012,098,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe PRC - [2012/05/11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2012/04/12 14:08:49 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\paarca\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/24 19:42:16 | 000,647,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe PRC - [2012/03/22 15:04:34 | 000,431,608 | ---- | M] (Virgin HealthMiles Inc.) -- C:\Program Files (x86)\GoZone\GoZone_iSync.exe PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2012/01/23 03:06:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE PRC - [2012/01/16 11:47:42 | 000,062,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2012/01/16 11:47:40 | 000,044,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe PRC - [2012/01/16 11:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/11/28 06:51:54 | 000,108,456 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2011/11/28 06:51:52 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe PRC - [2011/11/28 06:51:49 | 000,644,512 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SymCorpUI.exe PRC - [2011/11/28 06:51:45 | 000,181,664 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe PRC - [2011/11/28 06:51:44 | 001,851,224 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe PRC - [2011/11/28 06:51:38 | 000,050,592 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe PRC - [2011/11/13 23:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2011/11/13 23:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe PRC - [2011/11/04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011/10/20 12:11:24 | 000,412,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe PRC - [2011/10/20 12:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2011/09/27 13:17:40 | 000,386,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe PRC - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2011/05/19 09:51:52 | 002,629,632 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2011/04/20 17:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2011/04/20 17:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2011/03/23 23:28:14 | 001,359,704 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe PRC - [2011/03/23 23:28:07 | 000,214,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentUIHost.exe PRC - [2011/02/07 16:15:38 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2011/01/17 10:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2011/01/17 10:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe PRC - [2009/09/13 00:08:00 | 000,071,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe ========== Modules (No Company Name) ========== MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/09/26 14:22:42 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll MOD - [2011/09/26 14:22:40 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll MOD - [2011/06/01 00:37:24 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010/11/19 22:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010/11/19 22:19:58 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/01/16 11:47:42 | 000,062,016 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV:64bit: - [2012/01/16 11:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV:64bit: - [2011/11/01 13:37:56 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel® SRV:64bit: - [2011/11/01 13:22:28 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel® SRV:64bit: - [2011/10/17 15:48:24 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV:64bit: - [2011/03/29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2010/12/17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV:64bit: - [2010/11/11 11:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2010/03/22 10:09:24 | 001,960,784 | ---- | M] (Altiris, Inc.) [On_Demand | Stopped] -- C:\Program Files\Altiris\Dagent\dagent.exe -- (Altiris Deployment Agent) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/06/23 18:37:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/23 03:06:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc) SRV - [2012/01/23 03:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc) SRV - [2012/01/23 03:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/11/28 06:51:54 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2011/11/28 06:51:54 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2011/11/28 06:51:48 | 000,428,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC) SRV - [2011/11/28 06:51:47 | 003,262,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService) SRV - [2011/11/28 06:51:44 | 001,851,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2011/11/13 23:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2011/11/13 23:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2011/10/14 16:21:38 | 000,701,392 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs) SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/05/26 18:14:20 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2011/03/23 23:42:56 | 000,620,376 | ---- | M] (Altiris, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider) SRV - [2011/03/23 23:28:14 | 001,359,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient) SRV - [2011/02/07 16:15:38 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel® SRV - [2011/01/17 10:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2011/01/17 10:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService) SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/29 10:05:03 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/01/23 03:06:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64) DRV:64bit: - [2012/01/23 03:06:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2012/01/11 12:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel® DRV:64bit: - [2011/12/26 21:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011/11/28 06:51:59 | 000,054,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS) DRV:64bit: - [2011/11/28 06:51:56 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL) DRV:64bit: - [2011/11/28 06:51:56 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2011/11/28 06:51:55 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011/11/28 06:51:50 | 000,053,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer3.sys -- (Teefer3) DRV:64bit: - [2011/11/17 19:40:58 | 000,404,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/11/13 23:43:36 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2011/11/13 23:42:40 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2011/11/13 23:42:12 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2011/11/13 21:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2011/11/13 21:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011/10/31 15:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel® DRV:64bit: - [2011/10/17 16:24:50 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2011/10/17 16:24:44 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011/10/17 16:24:44 | 000,146,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011/10/17 16:24:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011/10/17 16:24:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011/10/03 15:46:40 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011/09/26 02:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2011/08/12 23:18:00 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011/07/04 15:36:12 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper) DRV:64bit: - [2011/05/30 18:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp) DRV:64bit: - [2011/05/25 17:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc) DRV:64bit: - [2011/05/10 15:11:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/03/29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2011/03/29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/04 18:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2010/11/19 23:33:58 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/19 23:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/19 21:07:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/19 21:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/19 21:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/19 21:03:44 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/19 21:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/19 19:57:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/11 11:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2010/10/18 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2010/03/23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009/09/08 19:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008/03/14 05:00:00 | 000,005,632 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DamewareMini.sys -- (DwMirror) DRV:64bit: - [2008/03/13 03:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd) DRV - [2012/05/31 17:22:03 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/05/31 17:22:03 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/05/16 09:27:28 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120626.002\ex64.sys -- (NAVEX15) DRV - [2012/05/16 09:27:28 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120626.002\eng64.sys -- (NAVENG) DRV - [2011/11/28 06:51:56 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL) DRV - [2011/11/28 06:51:56 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX) DRV - [2011/11/28 06:51:55 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?rd=1 IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 13 61 D5 71 ED CB 01 [binary data] IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wis.ifsworld.com/ IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 94 67 D3 78 00 CD 01 [binary data] IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\paarca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\paarca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) [2012/05/16 16:01:36 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\paarca\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\paarca\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\paarca\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\paarca\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\paarca\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\paarca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\paarca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\paarca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Page Monitor = C:\Users\paarca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd\3.2.7_0\ CHR - Extension: Gmail = C:\Users\paarca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [DagentUI] C:\Program Files\Altiris\Dagent\dagentui.exe (Altiris, Inc.) O4:64bit: - HKLM..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.EXE (DameWare Development) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe (Symantec Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-307452153-794781224-267960510-1002..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-790525478-1383384898-842925246-41061..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-790525478-1383384898-842925246-41061..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\paarca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\S-1-5-21-307452153-794781224-267960510-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - ..Trusted Domains: ifsworld.com ([]* in Local intranet) O15 - HKU\S-1-5-21-307452153-794781224-267960510-1002\..Trusted Domains: ifsworld.com ([]* in Local intranet) O15 - HKU\S-1-5-21-790525478-1383384898-842925246-41061\..Trusted Domains: ifsworld.com ([]* in Local intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {25988E0B-4429-4A73-A2B5-7153A68155C7} http://lcs.corpnet.ifsworld.com/login/secured/docmaw/IFSCliMgrOCX.CAB (IFSCliMgrOCX.ClientManager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {C2F79C99-53F3-42ED-9DD5-5357214ADDD1} http://lcs.corpnet.ifsworld.com/login/secured/docmaw/IFSDropArea.CAB (IFSDropArea.DropArea) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 151.106.12.103 10.1.25.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corpnet.ifsworld.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6C6281B-D6A2-4E75-912B-3CE3F2FA0C82}: DhcpNameServer = 151.106.12.103 10.1.25.200 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\Windows\SysWow64\PCANotify.dll (Symantec Corporation) O20 - Winlogon\Notify\psfus: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/26 16:14:46 | 004,569,121 | ---- | C] (Swearware) -- C:\Users\paarca\Desktop\ComboFix.exe [2012/06/26 16:07:32 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\paarca\Desktop\OTL.exe [2012/06/26 15:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/06/26 15:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/06/26 15:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/06/26 15:47:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\paarca\Desktop\dds.scr [2012/06/26 15:44:25 | 000,000,000 | ---D | C] -- C:\Users\paarca\Desktop\TEMP [2012/06/26 15:43:44 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\paarca\Desktop\SB-S&D_01-11-11_v1.6.2.exe [2012/06/26 14:54:10 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\SUPERAntiSpyware.com [2012/06/26 14:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/06/26 14:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/06/26 14:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/06/26 14:26:18 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Malwarebytes [2012/06/26 14:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/26 14:26:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/26 14:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/06/26 14:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/26 14:17:12 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/06/26 10:03:43 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix Apps [2012/06/21 09:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/06/11 11:26:39 | 000,000,000 | ---D | C] -- C:\Users\paarca\Desktop\DEERE EDI SOW [2012/06/08 11:55:46 | 000,000,000 | ---D | C] -- C:\Users\paarca\Desktop\New folder [2012/06/06 14:03:41 | 000,000,000 | R--D | C] -- C:\Users\paarca\AppData\Roaming\Brother [2012/06/06 12:37:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/06/06 12:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr [2012/06/06 12:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows [2012/06/06 12:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Doctor [2012/06/06 12:19:34 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Update [2012/06/06 12:19:18 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\PCDr [2012/06/06 09:33:22 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Skype [2012/06/06 09:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/06/06 09:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/06/06 09:33:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/06/06 09:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012/06/05 07:56:58 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\ControlCenter4 [2012/06/05 07:56:42 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\FLEXnet [2012/06/04 14:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2012/06/04 14:51:21 | 000,000,000 | ---D | C] -- C:\Brother [2012/06/04 14:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browny02 [2012/06/04 14:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4 [2012/06/04 14:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlCenter4 [2012/06/04 14:51:07 | 000,290,304 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5c.dll [2012/06/04 14:51:06 | 000,255,488 | R--- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll [2012/06/04 14:51:06 | 000,083,968 | R--- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll [2012/06/04 14:51:06 | 000,058,880 | R--- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll [2012/06/04 14:51:06 | 000,051,712 | R--- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll [2012/06/04 14:50:48 | 001,441,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWi211a.dll [2012/06/04 14:50:48 | 000,278,528 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrJDec.dll [2012/06/04 14:50:21 | 000,103,792 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBI110.EXE [2012/06/04 14:50:21 | 000,050,176 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BRPRTINK.DLL [2012/06/04 14:50:16 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BROSNMP.DLL [2012/06/04 14:50:16 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BRLMW03A.DLL [2012/06/04 14:50:16 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL [2012/06/04 14:50:10 | 000,241,664 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll [2012/06/04 14:50:10 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll [2012/06/04 14:50:10 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll [2012/06/04 14:50:10 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll [2012/06/04 14:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother [2012/06/04 14:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance [2012/06/04 14:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon [2012/06/04 14:46:42 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Nuance [2012/06/04 14:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2012/06/04 14:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 [2012/06/04 14:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared [2012/06/04 14:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2012/06/04 14:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance [2012/06/04 14:45:25 | 000,000,000 | ---D | C] -- C:\Users\paarca\Documents\MyWebPages [2012/06/04 14:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012/06/04 14:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012/06/04 14:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2012/06/04 14:40:24 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Local\LogMeIn [2012/06/04 14:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn [2012/05/31 13:33:54 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Mozilla [2012/05/31 13:33:26 | 000,000,000 | ---D | C] -- C:\Users\paarca\Logitech [2012/05/31 13:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common [2012/05/31 13:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012/05/31 13:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2012/05/31 13:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver [2012/05/31 13:32:51 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\InstallShield [2011/02/07 16:15:50 | 000,020,944 | ---- | C] (Intel Corporation) -- C:\Users\paarca\AppData\Roaming\JomCap.dll [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/26 16:37:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/26 16:15:09 | 004,569,121 | ---- | M] (Swearware) -- C:\Users\paarca\Desktop\ComboFix.exe [2012/06/26 16:13:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-842925246-41061UA.job [2012/06/26 16:07:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\paarca\Desktop\OTL.exe [2012/06/26 15:52:55 | 000,001,282 | ---- | M] () -- C:\Users\paarca\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/06/26 15:52:55 | 000,001,258 | ---- | M] () -- C:\Users\paarca\Desktop\Spybot - Search & Destroy.lnk [2012/06/26 15:47:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\paarca\Desktop\dds.scr [2012/06/26 15:44:09 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/26 15:44:09 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/26 15:39:02 | 000,787,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/26 15:39:02 | 000,665,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/26 15:39:02 | 000,123,344 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/26 15:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/26 14:54:06 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/06/26 14:13:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-842925246-41061Core.job [2012/06/26 13:59:09 | 000,002,886 | RHS- | M] () -- C:\Users\paarca\ntuser.pol [2012/06/26 13:58:31 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012/06/25 15:20:25 | 000,001,292 | ---- | M] () -- C:\Users\paarca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012/06/25 08:20:36 | 000,002,012 | -H-- | M] () -- C:\Users\paarca\Documents\Default.rdp [2012/06/21 12:09:51 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/13 12:01:21 | 000,048,131 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012/06/13 12:00:57 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012/06/12 09:37:33 | 000,023,924 | ---- | M] () -- C:\Users\paarca\Desktop\G1151886_Counter_Signed.pdf [2012/06/12 09:36:08 | 000,056,672 | ---- | M] () -- C:\Users\paarca\Desktop\G1151885_Counter_Signed.pdf [2012/06/12 09:26:46 | 000,199,978 | ---- | M] () -- C:\Users\paarca\Desktop\SOW_G1137506_SID14546_Counter_Signed.pdf [2012/06/12 09:22:27 | 000,228,170 | ---- | M] () -- C:\Users\paarca\Desktop\SOW_JDEU_Mod_Updates_Group1_Signed_Counter_Signed.pdf.pdf [2012/06/04 14:53:26 | 000,000,245 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012/06/04 14:53:26 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini [2012/06/04 14:53:15 | 000,003,302 | ---- | M] () -- C:\Windows\BRPARAM.INI [2012/05/31 13:33:21 | 000,002,357 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk [2012/05/29 16:26:21 | 000,636,044 | ---- | M] () -- C:\Users\paarca\Desktop\TJSID10007-2.pdf [2012/05/29 10:05:03 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/05/29 10:05:03 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/05/29 10:05:03 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/26 15:52:55 | 000,001,282 | ---- | C] () -- C:\Users\paarca\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/06/26 15:52:55 | 000,001,258 | ---- | C] () -- C:\Users\paarca\Desktop\Spybot - Search & Destroy.lnk [2012/06/26 15:39:37 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000008.@ [2012/06/26 14:54:06 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/06/26 11:58:40 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000032.@ [2012/06/26 11:58:40 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\L\00000004.@ [2012/06/26 11:58:39 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000064.@ [2012/06/26 11:58:37 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000004.@ [2012/06/26 11:58:37 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\000000cb.@ [2012/06/12 09:37:33 | 000,023,924 | ---- | C] () -- C:\Users\paarca\Desktop\G1151886_Counter_Signed.pdf [2012/06/12 09:36:08 | 000,056,672 | ---- | C] () -- C:\Users\paarca\Desktop\G1151885_Counter_Signed.pdf [2012/06/12 09:26:46 | 000,199,978 | ---- | C] () -- C:\Users\paarca\Desktop\SOW_G1137506_SID14546_Counter_Signed.pdf [2012/06/12 09:22:27 | 000,228,170 | ---- | C] () -- C:\Users\paarca\Desktop\SOW_JDEU_Mod_Updates_Group1_Signed_Counter_Signed.pdf.pdf [2012/06/06 12:21:54 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012/06/06 12:21:54 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012/06/04 14:53:26 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012/06/04 14:53:26 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012/06/04 14:52:42 | 000,003,302 | ---- | C] () -- C:\Windows\BRPARAM.INI [2012/06/04 14:51:07 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012/06/04 14:51:06 | 000,143,360 | R--- | C] () -- C:\Windows\SysNative\BrSNMP64.dll [2012/06/04 14:50:28 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012/06/04 14:50:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012/05/31 13:33:21 | 000,002,357 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk [2012/05/29 16:26:21 | 000,636,044 | ---- | C] () -- C:\Users\paarca\Desktop\TJSID10007-2.pdf [2012/04/11 16:59:30 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll [2012/04/03 11:43:21 | 000,000,352 | ---- | C] () -- C:\Users\paarca\AppData\Roaming\Network Meter_Settings.ini [2012/04/03 11:42:37 | 000,000,412 | ---- | C] () -- C:\Users\paarca\AppData\Roaming\All CPU Meter_Settings.ini [2012/03/12 09:37:51 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/03/12 09:37:50 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/03/12 09:37:49 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/03/12 09:37:48 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012/03/12 09:37:47 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012/03/12 08:42:49 | 000,002,886 | RHS- | C] () -- C:\Users\paarca\ntuser.pol [2012/03/10 00:54:07 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@ [2012/03/10 00:54:07 | 000,002,048 | -HS- | C] () -- C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@ [2012/03/10 00:14:56 | 000,800,508 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/09 14:26:23 | 000,000,000 | ---- | C] () -- C:\Windows\WINAWSVR.INI [2012/03/09 14:16:11 | 000,048,131 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/08/12 05:20:56 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== LOP Check ========== [2012/03/09 14:34:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ICAClient [2012/03/09 14:34:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ICAClient [2012/03/12 08:43:25 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\Citrix [2012/06/05 07:57:21 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\ControlCenter4 [2012/03/21 12:35:06 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\ICAClient [2012/03/19 09:33:54 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\JAM Software [2012/06/04 14:46:42 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\Nuance [2012/06/06 12:36:37 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\PCDr [2012/03/12 13:16:19 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\PwrMgr [2012/06/25 11:33:19 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\ShoreWare Client [2012/06/06 12:22:00 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\Update [2012/06/22 12:48:00 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\webex [2012/03/09 14:34:16 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\ICAClient [2012/06/13 12:00:57 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2009/07/14 01:08:49 | 000,022,390 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/06/26 13:58:31 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report >
  12. Hello, hopefully someone can provide me with assistance in removing this virus. Thank you log files are attached. Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.