Trojan.dropper.BCMinner


  • This topic is locked
23 replies to this topic

#1 roadtoy

roadtoy

    New Member

  • Members
  • 12 posts

Posted 26 June 2012 - 03:05 PM

Hello, hopefully someone can provide me with assistance in removing this virus.

Thank you

log files are attached.




#2 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 26 June 2012 - 03:34 PM

Hello roadtoy and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1

I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.


Step 2

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 roadtoy

roadtoy

    New Member

  • Members
  • Pip
  • 12 posts

Posted 26 June 2012 - 04:02 PM

Attached are the contents of the files.

One hiccup... I ran this a few times; however, it only had the extras.txt file created on the first execution.

OTL logfile created on: 6/26/2012 4:48:45 PM - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\paarca\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 3.55 Gb Available Physical Memory | 45.02% Memory free
15.77 Gb Paging File | 11.59 Gb Available in Paging File | 73.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 461.48 Gb Total Space | 216.81 Gb Free Space | 46.98% Space Free | Partition Type: NTFS
Drive E: | 29.84 Gb Total Space | 22.02 Gb Free Space | 73.79% Space Free | Partition Type: FAT32
Drive F: | 36.24 Gb Total Space | 30.55 Gb Free Space | 84.29% Space Free | Partition Type: NTFS
Drive H: | 250.00 Mb Total Space | 172.16 Mb Free Space | 68.86% Space Free | Partition Type: NTFS
Drive Z: | 36.24 Gb Total Space | 30.55 Gb Free Space | 84.29% Space Free | Partition Type: NTFS

Computer Name: PAARCA2 | User Name: PAARCA | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/26 16:07:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\paarca\Desktop\OTL.exe
PRC - [2012/05/16 16:02:34 | 012,098,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
PRC - [2012/05/11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012/04/12 14:08:49 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\paarca\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/24 19:42:16 | 000,647,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
PRC - [2012/03/22 15:04:34 | 000,431,608 | ---- | M] (Virgin HealthMiles Inc.) -- C:\Program Files (x86)\GoZone\GoZone_iSync.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/23 03:06:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012/01/16 11:47:42 | 000,062,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012/01/16 11:47:40 | 000,044,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012/01/16 11:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 06:51:54 | 000,108,456 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/11/28 06:51:52 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/11/28 06:51:49 | 000,644,512 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
PRC - [2011/11/28 06:51:45 | 000,181,664 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2011/11/28 06:51:44 | 001,851,224 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/11/28 06:51:38 | 000,050,592 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011/11/13 23:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/11/13 23:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011/11/04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/10/20 12:11:24 | 000,412,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011/10/20 12:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011/09/27 13:17:40 | 000,386,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/05/19 09:51:52 | 002,629,632 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2011/04/20 17:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2011/04/20 17:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2011/03/23 23:28:14 | 001,359,704 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe
PRC - [2011/03/23 23:28:07 | 000,214,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentUIHost.exe
PRC - [2011/02/07 16:15:38 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/01/17 10:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/17 10:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/09/13 00:08:00 | 000,071,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/26 14:22:42 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2011/09/26 14:22:40 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
MOD - [2011/06/01 00:37:24 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/19 22:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/19 22:19:58 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/16 11:47:42 | 000,062,016 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2012/01/16 11:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/11/01 13:37:56 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2011/11/01 13:22:28 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2011/10/17 15:48:24 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/03/29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/11/11 11:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010/03/22 10:09:24 | 001,960,784 | ---- | M] (Altiris, Inc.) [On_Demand | Stopped] -- C:\Program Files\Altiris\Dagent\dagent.exe -- (Altiris Deployment Agent)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/23 18:37:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/23 03:06:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012/01/23 03:06:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/01/23 03:06:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/28 06:51:54 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/11/28 06:51:54 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/11/28 06:51:48 | 000,428,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/11/28 06:51:47 | 003,262,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/11/28 06:51:44 | 001,851,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/11/13 23:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/11/13 23:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/10/14 16:21:38 | 000,701,392 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/05/26 18:14:20 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2011/03/23 23:42:56 | 000,620,376 | ---- | M] (Altiris, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider)
SRV - [2011/03/23 23:28:14 | 001,359,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2011/02/07 16:15:38 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®
SRV - [2011/01/17 10:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/17 10:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/29 10:05:03 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/23 03:06:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2012/01/23 03:06:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012/01/11 12:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2011/12/26 21:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/11/28 06:51:59 | 000,054,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2011/11/28 06:51:56 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/11/28 06:51:56 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/11/28 06:51:55 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/28 06:51:50 | 000,053,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer3.sys -- (Teefer3)
DRV:64bit: - [2011/11/17 19:40:58 | 000,404,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/11/13 23:43:36 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/11/13 23:42:40 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011/11/13 23:42:12 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/11/13 21:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/11/13 21:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/10/31 15:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/10/17 16:24:50 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/10/17 16:24:44 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/10/17 16:24:44 | 000,146,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/10/17 16:24:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/10/17 16:24:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/10/03 15:46:40 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/09/26 02:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/08/12 23:18:00 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/04 15:36:12 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2011/05/30 18:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV:64bit: - [2011/05/25 17:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/05/10 15:11:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/03/29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 18:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/11/19 23:33:58 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/19 23:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/19 21:07:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/19 21:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/19 21:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/19 21:03:44 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/19 21:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/19 19:57:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/11 11:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/10/18 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/03/23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/09/08 19:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/03/14 05:00:00 | 000,005,632 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DamewareMini.sys -- (DwMirror)
DRV:64bit: - [2008/03/13 03:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)
DRV - [2012/05/31 17:22:03 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/31 17:22:03 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/16 09:27:28 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120626.002\ex64.sys -- (NAVEX15)
DRV - [2012/05/16 09:27:28 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120626.002\eng64.sys -- (NAVENG)
DRV - [2011/11/28 06:51:56 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/11/28 06:51:56 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2011/11/28 06:51:55 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?rd=1
IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 13 61 D5 71 ED CB 01 [binary data]
IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-307452153-794781224-267960510-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wis.ifsworld.com/
IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 94 67 D3 78 00 CD 01 [binary data]
IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-790525478-1383384898-842925246-41061\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\paarca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\paarca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2012/05/16 16:01:36 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\paarca\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\paarca\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\paarca\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\paarca\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\paarca\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\paarca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\paarca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\paarca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Page Monitor = C:\Users\paarca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd\3.2.7_0\
CHR - Extension: Gmail = C:\Users\paarca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [DagentUI] C:\Program Files\Altiris\Dagent\dagentui.exe (Altiris, Inc.)
O4:64bit: - HKLM..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.EXE (DameWare Development)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-307452153-794781224-267960510-1002..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-790525478-1383384898-842925246-41061..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-790525478-1383384898-842925246-41061..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\paarca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-307452153-794781224-267960510-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: ifsworld.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-307452153-794781224-267960510-1002\..Trusted Domains: ifsworld.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-790525478-1383384898-842925246-41061\..Trusted Domains: ifsworld.com ([]* in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {25988E0B-4429-4A73-A2B5-7153A68155C7} http://lcs.corpnet.i...FSCliMgrOCX.CAB (IFSCliMgrOCX.ClientManager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C2F79C99-53F3-42ED-9DD5-5357214ADDD1} http://lcs.corpnet.i...IFSDropArea.CAB (IFSDropArea.DropArea)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 151.106.12.103 10.1.25.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corpnet.ifsworld.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6C6281B-D6A2-4E75-912B-3CE3F2FA0C82}: DhcpNameServer = 151.106.12.103 10.1.25.200
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\Windows\SysWow64\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 16:14:46 | 004,569,121 | ---- | C] (Swearware) -- C:\Users\paarca\Desktop\ComboFix.exe
[2012/06/26 16:07:32 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\paarca\Desktop\OTL.exe
[2012/06/26 15:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/26 15:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/26 15:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/26 15:47:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\paarca\Desktop\dds.scr
[2012/06/26 15:44:25 | 000,000,000 | ---D | C] -- C:\Users\paarca\Desktop\TEMP
[2012/06/26 15:43:44 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\paarca\Desktop\SB-S&D_01-11-11_v1.6.2.exe
[2012/06/26 14:54:10 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/26 14:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/26 14:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/26 14:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/26 14:26:18 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Malwarebytes
[2012/06/26 14:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/26 14:26:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/26 14:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/26 14:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/26 14:17:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/26 10:03:43 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix Apps
[2012/06/21 09:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/11 11:26:39 | 000,000,000 | ---D | C] -- C:\Users\paarca\Desktop\DEERE EDI SOW
[2012/06/08 11:55:46 | 000,000,000 | ---D | C] -- C:\Users\paarca\Desktop\New folder
[2012/06/06 14:03:41 | 000,000,000 | R--D | C] -- C:\Users\paarca\AppData\Roaming\Brother
[2012/06/06 12:37:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/06 12:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2012/06/06 12:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/06/06 12:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Doctor
[2012/06/06 12:19:34 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Update
[2012/06/06 12:19:18 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\PCDr
[2012/06/06 09:33:22 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Skype
[2012/06/06 09:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/06 09:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/06/06 09:33:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/06/06 09:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/06/05 07:56:58 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\ControlCenter4
[2012/06/05 07:56:42 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\FLEXnet
[2012/06/04 14:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/06/04 14:51:21 | 000,000,000 | ---D | C] -- C:\Brother
[2012/06/04 14:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browny02
[2012/06/04 14:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2012/06/04 14:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlCenter4
[2012/06/04 14:51:07 | 000,290,304 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5c.dll
[2012/06/04 14:51:06 | 000,255,488 | R--- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll
[2012/06/04 14:51:06 | 000,083,968 | R--- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll
[2012/06/04 14:51:06 | 000,058,880 | R--- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll
[2012/06/04 14:51:06 | 000,051,712 | R--- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll
[2012/06/04 14:50:48 | 001,441,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWi211a.dll
[2012/06/04 14:50:48 | 000,278,528 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrJDec.dll
[2012/06/04 14:50:21 | 000,103,792 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBI110.EXE
[2012/06/04 14:50:21 | 000,050,176 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BRPRTINK.DLL
[2012/06/04 14:50:16 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BROSNMP.DLL
[2012/06/04 14:50:16 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BRLMW03A.DLL
[2012/06/04 14:50:16 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL
[2012/06/04 14:50:10 | 000,241,664 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2012/06/04 14:50:10 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012/06/04 14:50:10 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012/06/04 14:50:10 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012/06/04 14:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2012/06/04 14:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012/06/04 14:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2012/06/04 14:46:42 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Nuance
[2012/06/04 14:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/06/04 14:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
[2012/06/04 14:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2012/06/04 14:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/06/04 14:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2012/06/04 14:45:25 | 000,000,000 | ---D | C] -- C:\Users\paarca\Documents\MyWebPages
[2012/06/04 14:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/06/04 14:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/06/04 14:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012/06/04 14:40:24 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Local\LogMeIn
[2012/06/04 14:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2012/05/31 13:33:54 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\Mozilla
[2012/05/31 13:33:26 | 000,000,000 | ---D | C] -- C:\Users\paarca\Logitech
[2012/05/31 13:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common
[2012/05/31 13:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/05/31 13:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012/05/31 13:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver
[2012/05/31 13:32:51 | 000,000,000 | ---D | C] -- C:\Users\paarca\AppData\Roaming\InstallShield
[2011/02/07 16:15:50 | 000,020,944 | ---- | C] (Intel Corporation) -- C:\Users\paarca\AppData\Roaming\JomCap.dll
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/26 16:37:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 16:15:09 | 004,569,121 | ---- | M] (Swearware) -- C:\Users\paarca\Desktop\ComboFix.exe
[2012/06/26 16:13:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-842925246-41061UA.job
[2012/06/26 16:07:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\paarca\Desktop\OTL.exe
[2012/06/26 15:52:55 | 000,001,282 | ---- | M] () -- C:\Users\paarca\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/26 15:52:55 | 000,001,258 | ---- | M] () -- C:\Users\paarca\Desktop\Spybot - Search & Destroy.lnk
[2012/06/26 15:47:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\paarca\Desktop\dds.scr
[2012/06/26 15:44:09 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 15:44:09 | 000,012,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 15:39:02 | 000,787,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/26 15:39:02 | 000,665,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/26 15:39:02 | 000,123,344 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/26 15:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 14:54:06 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/26 14:13:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-842925246-41061Core.job
[2012/06/26 13:59:09 | 000,002,886 | RHS- | M] () -- C:\Users\paarca\ntuser.pol
[2012/06/26 13:58:31 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/25 15:20:25 | 000,001,292 | ---- | M] () -- C:\Users\paarca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/25 08:20:36 | 000,002,012 | -H-- | M] () -- C:\Users\paarca\Documents\Default.rdp
[2012/06/21 12:09:51 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 12:01:21 | 000,048,131 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/06/13 12:00:57 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/12 09:37:33 | 000,023,924 | ---- | M] () -- C:\Users\paarca\Desktop\G1151886_Counter_Signed.pdf
[2012/06/12 09:36:08 | 000,056,672 | ---- | M] () -- C:\Users\paarca\Desktop\G1151885_Counter_Signed.pdf
[2012/06/12 09:26:46 | 000,199,978 | ---- | M] () -- C:\Users\paarca\Desktop\SOW_G1137506_SID14546_Counter_Signed.pdf
[2012/06/12 09:22:27 | 000,228,170 | ---- | M] () -- C:\Users\paarca\Desktop\SOW_JDEU_Mod_Updates_Group1_Signed_Counter_Signed.pdf.pdf
[2012/06/04 14:53:26 | 000,000,245 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012/06/04 14:53:26 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012/06/04 14:53:15 | 000,003,302 | ---- | M] () -- C:\Windows\BRPARAM.INI
[2012/05/31 13:33:21 | 000,002,357 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
[2012/05/29 16:26:21 | 000,636,044 | ---- | M] () -- C:\Users\paarca\Desktop\TJSID10007-2.pdf
[2012/05/29 10:05:03 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/05/29 10:05:03 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/05/29 10:05:03 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/26 15:52:55 | 000,001,282 | ---- | C] () -- C:\Users\paarca\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/26 15:52:55 | 000,001,258 | ---- | C] () -- C:\Users\paarca\Desktop\Spybot - Search & Destroy.lnk
[2012/06/26 15:39:37 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000008.@
[2012/06/26 14:54:06 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/26 11:58:40 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000032.@
[2012/06/26 11:58:40 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\L\00000004.@
[2012/06/26 11:58:39 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000064.@
[2012/06/26 11:58:37 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000004.@
[2012/06/26 11:58:37 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\000000cb.@
[2012/06/12 09:37:33 | 000,023,924 | ---- | C] () -- C:\Users\paarca\Desktop\G1151886_Counter_Signed.pdf
[2012/06/12 09:36:08 | 000,056,672 | ---- | C] () -- C:\Users\paarca\Desktop\G1151885_Counter_Signed.pdf
[2012/06/12 09:26:46 | 000,199,978 | ---- | C] () -- C:\Users\paarca\Desktop\SOW_G1137506_SID14546_Counter_Signed.pdf
[2012/06/12 09:22:27 | 000,228,170 | ---- | C] () -- C:\Users\paarca\Desktop\SOW_JDEU_Mod_Updates_Group1_Signed_Counter_Signed.pdf.pdf
[2012/06/06 12:21:54 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/06 12:21:54 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/04 14:53:26 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/06/04 14:53:26 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/06/04 14:52:42 | 000,003,302 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012/06/04 14:51:07 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/06/04 14:51:06 | 000,143,360 | R--- | C] () -- C:\Windows\SysNative\BrSNMP64.dll
[2012/06/04 14:50:28 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/06/04 14:50:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/05/31 13:33:21 | 000,002,357 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
[2012/05/29 16:26:21 | 000,636,044 | ---- | C] () -- C:\Users\paarca\Desktop\TJSID10007-2.pdf
[2012/04/11 16:59:30 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2012/04/03 11:43:21 | 000,000,352 | ---- | C] () -- C:\Users\paarca\AppData\Roaming\Network Meter_Settings.ini
[2012/04/03 11:42:37 | 000,000,412 | ---- | C] () -- C:\Users\paarca\AppData\Roaming\All CPU Meter_Settings.ini
[2012/03/12 09:37:51 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/12 09:37:50 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/12 09:37:49 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/12 09:37:48 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/12 09:37:47 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/12 08:42:49 | 000,002,886 | RHS- | C] () -- C:\Users\paarca\ntuser.pol
[2012/03/10 00:54:07 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@
[2012/03/10 00:54:07 | 000,002,048 | -HS- | C] () -- C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@
[2012/03/10 00:14:56 | 000,800,508 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/09 14:26:23 | 000,000,000 | ---- | C] () -- C:\Windows\WINAWSVR.INI
[2012/03/09 14:16:11 | 000,048,131 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/12 05:20:56 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012/03/09 14:34:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ICAClient
[2012/03/09 14:34:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ICAClient
[2012/03/12 08:43:25 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\Citrix
[2012/06/05 07:57:21 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\ControlCenter4
[2012/03/21 12:35:06 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\ICAClient
[2012/03/19 09:33:54 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\JAM Software
[2012/06/04 14:46:42 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\Nuance
[2012/06/06 12:36:37 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\PCDr
[2012/03/12 13:16:19 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\PwrMgr
[2012/06/25 11:33:19 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\ShoreWare Client
[2012/06/06 12:22:00 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\Update
[2012/06/22 12:48:00 | 000,000,000 | ---D | M] -- C:\Users\paarca\AppData\Roaming\webex
[2012/03/09 14:34:16 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\ICAClient
[2012/06/13 12:00:57 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 01:08:49 | 000,022,390 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/26 13:58:31 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========


< End of report >

#4 roadtoy

roadtoy

    New Member

  • Members
  • 12 posts

Posted 26 June 2012 - 04:04 PM

Extras.txt file


OTL Extras logfile created on: 6/26/2012 4:08:04 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\paarca\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 4.33 Gb Available Physical Memory | 54.93% Memory free
15.77 Gb Paging File | 11.55 Gb Available in Paging File | 73.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 461.48 Gb Total Space | 216.88 Gb Free Space | 47.00% Space Free | Partition Type: NTFS
Drive E: | 29.84 Gb Total Space | 22.02 Gb Free Space | 73.79% Space Free | Partition Type: FAT32
Drive F: | 36.24 Gb Total Space | 30.55 Gb Free Space | 84.29% Space Free | Partition Type: NTFS
Drive H: | 250.00 Mb Total Space | 172.16 Mb Free Space | 68.86% Space Free | Partition Type: NTFS
Drive Z: | 36.24 Gb Total Space | 30.55 Gb Free Space | 84.29% Space Free | Partition Type: NTFS

Computer Name: PAARCA2 | User Name: PAARCA | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java™ 6 Update 30 (64-bit)
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5C8BE867-CC84-452B-940C-1C18200277E5}" = Symantec Endpoint Protection
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C8D5E56-CA12-42B2-9075-044B4C7067A9}" = Altiris Deployment Agent
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.93
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.3.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C2938C94-239C-4156-B245-C5406A4F3E93}" = ThinkVantage Fingerprint Software
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel® PROSet/Wireless WiFi Software
"{D7C307E7-96A7-4BEE-ACF8-D795007E7C16}" = 64 Bit HP CIO Components Installer
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{09A0A854-9965-44BE-944B-302C0658948D}" = 2c8 Modeling Tool 3.4.3
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A3F6AD7-7A95-439B-BF54-F418C7CC6380}" = WebEx Recorder and Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{510AC73B-6F0C-4FE7-9E51-D3E8E8DB6D76}" = HyperSnapDX 4.40.01
"{52F2FB99-3D3E-49dd-9C75-79ACFC719D80}" = Altiris Inventory Agent
"{54C6FCC1-8C36-4E08-B598-700CAE3489FE}" = Network Recording Player
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{6299A847-7034-4349-87BA-2BA6B859C44E}" = Software Management Solution Agent
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C84DDDF-DEC9-4E02-8222-D86E73531CEB}" = Citrix online plug-in (SSON)
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{10E9AEF7-936C-4FDF-B571-D5E598C34865}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJSTD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJSTD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJSTD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJSTD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJSTD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJSTD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2010
"{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{6CD66326-6B89-4EBD-B0E1-1406294768D1}" =
"{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJSTD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJSTD_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJSTD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJSTD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J435W
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}" = Citrix online plug-in (PNA)
"{BD52ED7E-9843-45E6-99E8-7C5F79A1AAF9}" = Symantec_pcAnywhere_plugin_installer
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel® Identity Protection Technology 1.0.74.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E4911AE6-7BE8-4FDE-AB49-331A651DDA05}" = ShoreTel Communicator
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CitrixOnlinePluginFull" = Citrix online plug-in
"GoZone iSync" = GoZone iSync
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJSTD" = Microsoft Project Standard 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Palringo" = Palringo
"ProInst" = Intel PROSet Wireless
"TreeSize Free_is1" = TreeSize Free V2.2.1
"VLC media player" = VLC media player 2.0.0
"VMware_Player" = VMware Player
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-307452153-794781224-267960510-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-1383384898-842925246-41061\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=23,
authorId=8086, vendorId=0, vendorType=0

Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=17,
authorId=9, vendorId=0, vendorType=0

Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=25,
authorId=9, vendorId=0, vendorType=0

Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0

Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=13,
authorId=0, vendorId=0, vendorType=0

Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=25,
authorId=0, vendorId=0, vendorType=0

Error - 6/14/2012 9:15:10 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=88,
authorId=0, vendorId=0, vendorType=0

Error - 6/14/2012 12:36:21 PM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = PC-Doctor | ID = 1
Description = (5096) Asapi: (12:36:21:2610)(5096) S3LogPusherPlugin.Helper - Error
-- 340 Unable to storage the test log to medium

Error - 6/15/2012 9:56:49 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = dwmrcs | ID = 110
Description = Error: DameWare Mini Remote Control Error setsockopt (IP_ADD_MEMBERSHIP)
System
Error: 10065 System Message: A socket operation was attempted to an unreachable
host. (srv 64 bit)

Error - 6/15/2012 9:57:33 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = dwmrcs | ID = 110
Description = Error: DameWare Mini Remote Control Error setsockopt (IP_DROP_MEMBERSHIP)
System
Error: 10049 System Message: The requested address is not valid in its context.
(srv 64 bit)

[ System Events ]
Error - 6/10/2012 3:33:57 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain CORPNET due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 6/10/2012 7:35:48 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain CORPNET due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 6/10/2012 11:37:39 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain CORPNET due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 6/10/2012 3:39:29 PM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain CORPNET due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 6/10/2012 7:41:20 PM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain CORPNET due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 6/10/2012 11:01:22 PM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 6/10/2012 11:43:04 PM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain CORPNET due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 6/11/2012 12:31:38 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 6/11/2012 3:44:55 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain CORPNET due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 6/11/2012 7:46:41 AM | Computer Name = PAARCA2.corpnet.ifsworld.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain CORPNET due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.


< End of report >

#5 Maniac


Posted 26 June 2012 - 04:41 PM

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/06/26 15:39:37 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000008.@
    [2012/06/26 11:58:40 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000032.@
    [2012/06/26 11:58:40 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\L\00000004.@
    [2012/06/26 11:58:39 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000064.@
    [2012/06/26 11:58:37 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000004.@
    [2012/06/26 11:58:37 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\000000cb.@
    [2012/03/10 00:54:07 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@
    [2012/03/10 00:54:07 | 000,002,048 | -HS- | C] () -- C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@
    
    :files
    C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}
    C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#6 roadtoy


Posted 26 June 2012 - 05:23 PM

Thank you very much for the response.

Below is the log from OTL. Malwarebytes came back reporting that no malicious items were detected. Previously it had come back indicating the presence of the Trojan.dropper.BCminer.




All processes killed
========== OTL ==========
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000008.@ moved successfully.
File C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000032.@ not found.
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\L\00000004.@ moved successfully.
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000064.@ moved successfully.
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000004.@ moved successfully.
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@ moved successfully.
C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@ moved successfully.
========== FILES ==========
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U folder moved successfully.
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} scheduled to be moved on reboot.
C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U folder moved successfully.
C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\L folder moved successfully.
C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\paarca\Desktop\cmd.bat deleted successfully.
C:\Users\paarca\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2533 bytes
->Temporary Internet Files folder emptied: 170903 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 147657 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: paarca
->Temp folder emptied: 38202186 bytes
->Temporary Internet Files folder emptied: 146463497 bytes
->Java cache emptied: 165700 bytes
->Google Chrome cache emptied: 293015846 bytes
->Flash cache emptied: 13067 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 147657 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3051936 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11618 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 83503 bytes
RecycleBin emptied: 138137410 bytes

Total Files Cleaned = 591.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06262012_180957
Files\Folders moved on Reboot...
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U folder moved successfully.
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} folder moved successfully.
C:\Users\paarca\AppData\Local\Temp\ExchangePerflog_8484fa31e1d6f18fcfcccd43.dat moved successfully.
C:\Users\paarca\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\paarca\AppData\Local\Temp\VGX97DB.tmp moved successfully.
File\Folder C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3D1E52FC-A4EB-4975-A731-E9D87A04486F}.tmp not found!
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{70ED3C57-BE43-43E0-82F1-907E7222A4A1}.tmp moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C0660F1C-FC3B-40B5-940B-CCD2592564C2}.tmp moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D425AE81-6372-4235-A449-E6093CB1C20F}.tmp moved successfully.
File\Folder C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31B0A15B.png not found!
File\Folder C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F231A42.png not found!
File\Folder C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\785A1F14.png not found!
File\Folder C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DE98C05.gif not found!
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOSEV2TH\apple[1].xml moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T50FFY5D\fastbutton[1].htm moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T50FFY5D\index[1].htm moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZIA07EY\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZIA07EY\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONS8KQLU\index[2].htm moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E69JR0FV\fastbutton[1].htm moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TFVEUV3\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TFVEUV3\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QA8G40E\index[1].htm moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2964.log moved successfully.
File\Folder C:\Windows\temp\etilqs_8Uu6sVPRXVmk9CXl8o9A not found!
File\Folder C:\Windows\temp\etilqs_8Uu6sVPRXVmk9CXl8o9A-journal not found!
PendingFileRenameOperations files...
File C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} not found!
File C:\Users\paarca\AppData\Local\Temp\ExchangePerflog_8484fa31e1d6f18fcfcccd43.dat not found!
File C:\Users\paarca\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\paarca\AppData\Local\Temp\VGX97DB.tmp not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3D1E52FC-A4EB-4975-A731-E9D87A04486F}.tmp not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{70ED3C57-BE43-43E0-82F1-907E7222A4A1}.tmp not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C0660F1C-FC3B-40B5-940B-CCD2592564C2}.tmp not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D425AE81-6372-4235-A449-E6093CB1C20F}.tmp not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31B0A15B.png not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F231A42.png not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\785A1F14.png not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DE98C05.gif not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOSEV2TH\apple[1].xml not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T50FFY5D\fastbutton[1].htm not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T50FFY5D\index[1].htm not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZIA07EY\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZIA07EY\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONS8KQLU\index[2].htm not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E69JR0FV\fastbutton[1].htm not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TFVEUV3\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TFVEUV3\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!
File C:\Users\paarca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QA8G40E\index[1].htm not found!
[2012/06/26 18:14:53 | 000,003,600 | ---- | M] () C:\Windows\temp\vmware-SYSTEM\vmauthd.log : Unable to obtain MD5
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2964.log not found!
File C:\Windows\temp\etilqs_8Uu6sVPRXVmk9CXl8o9A not found!
File C:\Windows\temp\etilqs_8Uu6sVPRXVmk9CXl8o9A-journal not found!
Registry entries deleted on Reboot...
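As an added example (not from the thread, and not OTL's own code), a small Python checker that cross-references an OTL fix script against the fix log it produced, the way a helper reads the log above: every path listed under :OTL and :files should end as moved, while "not found" and "scheduled to be moved on reboot" entries are called out, and a reboot-pass success is not downgraded by the "not found!" that the later PendingFileRenameOperations clean-up reports for an already-moved item. The script and log excerpts embedded below are constructed in the shape of those posted above.

```python
import re
from typing import Dict, List

# Constructed excerpt shaped like the fix script pasted in Step 1 above (GUID and
# user name as the thread shows them; the file set is trimmed).
FIX_SCRIPT = r"""
:OTL
[2012/06/26 15:39:37 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000008.@
[2012/06/26 11:58:40 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000032.@
[2012/03/10 00:54:07 | 000,002,048 | -HS- | C] () -- C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@

:files
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}
C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}
ipconfig /flushdns /c

:Commands
[emptytemp]
"""

# Constructed fix log in the shape of the one posted above: main pass, then the
# "moved on Reboot" pass, then the PendingFileRenameOperations clean-up.
FIX_LOG = r"""
All processes killed
========== OTL ==========
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\00000008.@ moved successfully.
File C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U\80000032.@ not found.
C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\@ moved successfully.
========== FILES ==========
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635}\U folder moved successfully.
Folder move failed. C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} scheduled to be moved on reboot.
C:\Users\paarca\AppData\Local\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} folder moved successfully.
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
Files\Folders moved on Reboot...
C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} folder moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Windows\Installer\{dd2eb0e5-4bab-b8a6-702f-3224eae0f635} not found!
Registry entries deleted on Reboot...
"""

# Per-item outcome lines, in the forms the log above uses.
LOG_PATTERNS = [
    (re.compile(r"^(.+?) (?:folder )?moved successfully\.$"), "moved"),
    (re.compile(r"^File(?:\\Folder)? (.+?) not found[.!]$"), "not found"),
    (re.compile(r"^(?:File|Folder) move failed\. (.+?) scheduled to be moved on reboot\.$"), "pending reboot"),
]


def parse_fix_script(script: str) -> List[str]:
    """Return the file/folder paths a fix script asks OTL to move (file entries only)."""
    targets: List[str] = []
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
            continue
        if section == ":otl" and " -- " in line:
            targets.append(line.split(" -- ", 1)[1].strip())   # "[...] () -- PATH"
        elif section == ":files" and re.match(r"^[A-Za-z]:\\", line):
            targets.append(line)                               # bare path; commands skipped
    return targets


def parse_fix_log(log: str) -> Dict[str, str]:
    """Map each path (lower-cased) mentioned in a fix log to its final outcome."""
    status: Dict[str, str] = {}
    for raw in log.splitlines():
        line = raw.strip()
        for pattern, outcome in LOG_PATTERNS:
            m = pattern.match(line)
            if m:
                key = m.group(1).lower()
                # A successful move is final: the post-reboot clean-up reports an
                # already-moved item as "not found!" and must not downgrade it.
                if status.get(key) != "moved":
                    status[key] = outcome
                break
    return status


def verify_fix(script: str, log: str) -> Dict[str, str]:
    """Outcome for every path the fix script requested; 'unaccounted' if the log never names it."""
    results = parse_fix_log(log)
    return {path: results.get(path.lower(), "unaccounted") for path in parse_fix_script(script)}


def still_pending(log: str) -> List[str]:
    """Paths deferred to a reboot whose move was never confirmed afterwards."""
    return sorted(p for p, s in parse_fix_log(log).items() if s == "pending reboot")


if __name__ == "__main__":
    for path, outcome in verify_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{outcome:>14}  {path}")
    for path in still_pending(FIX_LOG):
        print(f"still pending  {path}")
```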

#7 Maniac


Posted 26 June 2012 - 06:36 PM

I would like to see the log file from Malwarebytes' Anti-Malware.

#8 roadtoy


Posted 26 June 2012 - 06:44 PM

Sure, below is the Malwarebytes Log.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.26.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PaArCA :: PAARCA2 [administrator]
Protection: Enabled
6/26/2012 7:43:45 PM
mbam-log-2012-06-26 (19-43-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253207
Time elapsed: 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#9 Maniac


Posted 27 June 2012 - 03:48 AM

Thanks! :)

Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

#10 roadtoy


Posted 27 June 2012 - 06:56 AM

Hello, thank you for your continued assistance. I disabled Symantec Endpoint as per the instructions on the site (right mouse button, and selecting the disable protection option); however, ComboFix indicated it was running. ComboFix still ran, so hopefully the necessary Symantec components had been disabled.


Below is the ComboFix log

ComboFix 12-06-26.02 - PaArCA 06/27/2012 7:09.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8075.5459 [GMT -4:00]
Running from: c:\users\paarca\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc.dll
c:\programdata\PCDr\5849\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll
c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\283cdc40-c633-4749-b3ad-8eb5e8b11b5c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\434b795d-fe06-4495-801e-fa92d93babbc.dll
c:\programdata\PCDr\5849\AddOnDownloaded\4506fabd-988f-4627-a1de-44b2f1093b08.dll
c:\programdata\PCDr\5849\AddOnDownloaded\54874b0a-fb04-44ef-ad2b-c957aafea033.dll
c:\programdata\PCDr\5849\AddOnDownloaded\562ad818-216b-4d77-8b40-834630104d2c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\60e1ddc2-8de1-4bd0-8e65-4c3d56791c8e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\746b3523-df66-4ed9-beaa-88464b84933f.dll
c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll
c:\programdata\PCDr\5849\AddOnDownloaded\83db0f34-4452-4946-92c2-31dcd99767dd.dll
c:\programdata\PCDr\5849\AddOnDownloaded\90110d4d-0aa3-42f8-b48a-92aebd9d59f3.dll
c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll
c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll
c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b34a10f6-a592-424f-af97-b051783f9dd2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b52e5bed-821a-41fc-9d4b-24d443ee0ad9.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll
c:\programdata\PCDr\5849\AddOnDownloaded\bead45d2-b2dc-44e3-94f8-c7de6979be60.dll
c:\programdata\PCDr\5849\AddOnDownloaded\d754c4cc-ae68-4d17-afb7-55002296e1e2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\ec6735a3-9204-4734-bb0f-5859e58b13b2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f1d18230-9731-47f0-b9f4-b537abcbb39c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f45a4f6c-32c1-48c0-9ee9-e840f397e395.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f64109b2-74cc-4638-ae17-228b7886774b.dll
c:\programdata\PCDr\5849\AddOnDownloaded\fd85aea7-408e-4ff8-bdca-73b1320e8b27.dll
c:\programdata\Roaming
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\zip32.dll
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 11:22 . 2012-06-27 11:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-27 11:22 . 2012-06-27 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 11:22 . 2012-06-27 11:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-26 22:09 . 2012-06-26 22:09 -------- d-----w- C:\_OTL
2012-06-26 19:52 . 2012-06-26 20:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-26 19:52 . 2012-06-26 19:56 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-26 19:02 . 2012-06-26 19:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-06-26 19:02 . 2012-06-26 19:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2012-06-26 18:54 . 2012-06-26 18:54 -------- d-----w- c:\users\paarca\AppData\Roaming\SUPERAntiSpyware.com
2012-06-26 18:54 . 2012-06-26 18:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-26 18:54 . 2012-06-26 18:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-26 18:26 . 2012-06-26 18:26 -------- d-----w- c:\users\paarca\AppData\Roaming\Malwarebytes
2012-06-26 18:26 . 2012-06-26 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-26 18:26 . 2012-06-26 18:26 -------- d-----w- c:\programdata\Malwarebytes
2012-06-26 18:26 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 13:25 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-21 13:25 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-21 13:25 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-21 13:21 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-21 13:21 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-21 13:21 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-21 13:21 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-21 13:20 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-21 13:20 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-06 18:03 . 2012-06-06 18:03 -------- d-----r- c:\users\paarca\AppData\Roaming\Brother
2012-06-06 16:37 . 2011-12-27 01:10 40248 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-06-06 16:21 . 2012-06-26 22:07 -------- d-----w- c:\programdata\PCDr
2012-06-06 16:21 . 2012-06-06 16:21 -------- d-----w- c:\programdata\PC-Doctor for Windows
2012-06-06 16:21 . 2012-06-06 16:21 -------- d-----w- c:\program files\PC-Doctor
2012-06-06 16:19 . 2012-06-06 16:22 -------- d-----w- c:\users\paarca\AppData\Roaming\Update
2012-06-06 16:19 . 2012-06-06 16:36 -------- d-----w- c:\users\paarca\AppData\Roaming\PCDr
2012-06-06 13:33 . 2012-06-07 13:08 -------- d-----w- c:\users\paarca\AppData\Roaming\Skype
2012-06-06 13:33 . 2012-06-06 13:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-06 13:33 . 2012-06-06 13:33 -------- d-----r- c:\program files (x86)\Skype
2012-06-06 13:33 . 2012-06-06 13:33 -------- d-----w- c:\programdata\Skype
2012-06-05 11:56 . 2012-06-05 11:57 -------- d-----w- c:\users\paarca\AppData\Roaming\ControlCenter4
2012-06-05 11:56 . 2012-06-05 11:56 -------- d-----w- c:\users\paarca\AppData\Roaming\FLEXnet
2012-06-04 18:51 . 2012-06-04 18:51 -------- d-----w- C:\Brother
2012-06-04 18:51 . 2012-06-04 18:51 -------- d-----w- c:\program files (x86)\Browny02
2012-06-04 18:51 . 2012-06-04 18:51 -------- d-----w- c:\programdata\ControlCenter4
2012-06-04 18:51 . 2012-06-04 18:51 -------- d-----w- c:\program files (x86)\ControlCenter4
2012-06-04 18:51 . 2009-12-08 20:19 290304 ------w- c:\windows\system32\BrfxDA5c.dll
2012-06-04 18:51 . 2010-09-23 08:14 58880 ------r- c:\windows\system32\BrWiaNCp.dll
2012-06-04 18:50 . 2011-04-07 23:04 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll
2012-06-04 18:50 . 2011-04-05 19:57 241664 ------w- c:\windows\SysWow64\NSSearch.dll
2012-06-04 18:50 . 2010-03-15 23:45 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2012-06-04 18:50 . 2007-12-14 02:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2012-06-04 18:47 . 2012-06-04 18:47 -------- d-----w- c:\program files\Nuance
2012-06-04 18:47 . 2012-06-04 18:47 -------- d-----w- c:\programdata\zeon
2012-06-04 18:46 . 2012-06-04 18:46 -------- d-----w- c:\users\paarca\AppData\Roaming\Nuance
2012-06-04 18:46 . 2012-06-04 18:46 -------- d-----w- c:\programdata\ScanSoft
2012-06-04 18:45 . 2012-06-04 22:53 -------- d-----w- c:\programdata\Nuance
2012-06-04 18:45 . 2012-06-04 18:47 -------- d-----w- c:\program files (x86)\Nuance
2012-06-04 18:45 . 2012-06-04 18:45 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared
2012-06-04 18:45 . 2012-06-04 18:45 -------- d-----w- c:\programdata\FLEXnet
2012-06-04 18:44 . 2012-06-04 18:44 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-06-04 18:44 . 2012-06-04 18:52 -------- d-----w- c:\programdata\Brother
2012-06-04 18:40 . 2012-06-04 18:40 -------- d-----w- c:\users\paarca\AppData\Local\LogMeIn
2012-06-04 18:40 . 2012-06-04 18:40 -------- d-----w- c:\programdata\LogMeIn
2012-05-31 17:33 . 2012-05-31 17:33 -------- d-----w- c:\users\paarca\Logitech
2012-05-31 17:33 . 2012-05-31 17:33 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common
2012-05-31 17:33 . 2012-05-31 17:33 -------- d-----w- c:\program files (x86)\Logitech
2012-05-31 17:33 . 2012-05-31 17:33 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver
2012-05-31 17:33 . 2006-02-07 19:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-05-31 17:33 . 2006-02-07 19:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-05-31 17:33 . 2006-02-07 19:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-05-31 17:33 . 2006-02-07 19:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-05-31 17:33 . 2006-02-07 19:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-05-31 17:33 . 2006-02-07 19:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-05-31 17:33 . 2005-11-14 03:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-05-31 17:32 . 2012-05-31 17:32 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-05-31 17:32 . 2012-05-31 17:32 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-05-31 17:32 . 2012-05-31 17:32 -------- d-----w- c:\users\paarca\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 22:37 . 2012-04-11 12:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 22:37 . 2012-03-10 04:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-29 14:05 . 2012-03-09 18:17 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-11 20:59 . 2012-04-11 20:59 8592 ----a-w- c:\windows\SysWow64\ractrlkeyhook.dll
2012-03-30 11:35 . 2012-05-14 20:56 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-11-28 115624]
"AeXAgentLogon"="c:\program files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe" [2011-03-24 228696]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-05-16 12098648]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-01-23 1631808]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\paarca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GoZone iSync.lnk - c:\program files (x86)\GoZone\GoZone_iSync.exe [2012-3-22 431608]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2010-01-04 23:40 17272 ----a-w- c:\windows\System32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\Altiris\Dagent\dagent.exe [2010-03-22 1960784]
R3 AltirisAgentProvider;AltirisAgentProvider;c:\program files (x86)\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [2011-03-24 620376]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-19 71168]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-23 478056]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1255736]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-01-23 31344]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-08-13 27240]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [2008-03-13 30720]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2011-11-28 53880]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-13 2214504]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-12 379496]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-17 437288]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-17 39976]
S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2008-03-14 5632]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-01-11 360624]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-18 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPSDRV
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:37]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-842925246-41061Core.job
- c:\users\paarca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 18:08]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-842925246-41061UA.job
- c:\users\paarca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 18:08]
.
2012-06-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-06-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DagentUI"="c:\program files\Altiris\Dagent\dagentui.exe" [2010-03-22 847184]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2011-10-14 298960]
"combofix"="c:\combofix\CF11837.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://wis.ifsworld.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {25988E0B-4429-4A73-A2B5-7153A68155C7} - hxxp://lcs.corpnet.ifsworld.com/login/secured/docmaw/IFSCliMgrOCX.CAB
DPF: {C2F79C99-53F3-42ED-9DD5-5357214ADDD1} - hxxp://lcs.corpnet.ifsworld.com/login/secured/docmaw/IFSDropArea.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Notify-igfxcui - (no file)
Notify-psfus - (no file)
SafeBoot-Symantec Antvirus
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Communications]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\NS Client]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Citrix\ICA Client\ssonsvr.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\ControlCenter4\BrCtrlCntr.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\ControlCenter4\BrCcUxSys.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Microsoft Lync\UcMapi.exe
.
**************************************************************************
.
Completion time: 2012-06-27 07:52:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 11:52
.
Pre-Run: 233,240,293,376 bytes free
Post-Run: 232,926,842,880 bytes free
.
- - End Of File - - 3D054C4B79128301D47A052947C1C6F4

#11 Maniac


Posted 27 June 2012 - 07:01 AM

Good! :)

How are things running now?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#12 roadtoy


Posted 27 June 2012 - 07:19 AM

Hi Maniac, I'm not sure. I have been staying off the laptop for fear of causing problems with having this thing removed. I simply ran combofix this time around and did notice a message come up indicating that the system was infected.

Does everything look good according to the logs? Would I be safe to reconnect to the network?

#13 Maniac


Posted 27 June 2012 - 07:24 AM

What was the message?

#14 roadtoy


Posted 27 June 2012 - 07:27 AM

It had simply said "files infected", it then said it was restoring from a restore point and then began deleting the files indicated in the log.

#15 Maniac


Posted 27 June 2012 - 07:33 AM

Oh, you probably mean these in the Other Deletions section. Don't worry! Everything is fine now! :)

Connect the PC to your network and let me know how things are.

#16 roadtoy


Posted 27 June 2012 - 07:39 AM

Phew!! That's great to know.

Another question, your first response when I created this post was to indicate that backdoor Trojans may compromise the security of the computer.

Was that the case here? When I'd run a Norton scan, it had called the virus by a different name, so I'm curious as to what was actually on the computer.



#17 Maniac


Posted 27 June 2012 - 07:44 AM

Your case is exactly as described.

You can find more info here about your infection:
http://www.2-viruses..._medium=twitter

#18 roadtoy


Posted 27 June 2012 - 08:44 AM

Thank you for the response, Maniac. I had a look at the link you provided and it certainly makes me nervous.

According to the link you posted, it says that BCMinner could create a backdoor to the system. Is there any way to know if a backdoor was created? If BCMinner has been removed, does that mean that if there was a backdoor created, it's effectively closed?

#19 Maniac


Posted 27 June 2012 - 09:01 AM

In the beginning I explained that since it is a backdoor trojan, there is no certainty. We try to almost completely delete it, but there is always risk.

#20 roadtoy


Posted 27 June 2012 - 09:05 AM

Okay, thank you.

Is there anything else I should do further ?



