Jump to content

citrinefan

Members
  • Posts

    3
  • Joined

  • Last visited

Everything posted by citrinefan

  1. I am experiencing a number of issues over the last few days. It started with a Blue Screen of Death on Sunday. I have been running Malwarebytes somewhat frequently - now about 3-4 times a day. This morning it found 2 incidents that are repetitive: Trojan.fake.alert file and Trojan.fake.alert memory. File is C:\ProgramFiles\InternetExplorer\14DB.exe. After cleaning the two issues, I rebooted. I also run Trend Office Scan and it is blocking an event in my Registry, write operation HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell. This is occuring every 30 seconds to 1 minute, and Trend is blocking the activity. Today I was totally unable to access the internet with wireless or wired connection. I was forced to go back to a previous date, to get access. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 Run by lwiniarski at 15:41:37 on 2012-01-27 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1563 [GMT -5:00] . AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k regsvc C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\Windows\system32\conhost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearch Bar = Preserve mStart Page = about:blank uInternet Settings,ProxyServer = 192.168.1.87:80 uInternet Settings,ProxyOverride = 192.168.*;*.promys.com;<local> BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe" mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe" mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe uPolicies-system: HideLegacyLogonScripts = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL Trusted Zone: juniper.net Trusted Zone: mypromys.com\www Trusted Zone: promys.com Trusted Zone: promys.com\beta Trusted Zone: promys.com\www DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://antigen:4343/officescan/console/html/ClientInstall/WinNTChk.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://antigen:4343/officescan/console/html/ClientInstall/setup.cab DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://www.promys.com/viewer9/activeXViewer/activexviewer.cab DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} - hxxp://postavocale/shorewaredirector/clientinstall/ShoretelClientInstall.ocx DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://netcordia.webex.com/client/T27LB/nbr/ieatgpc1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://neo.atrioncomm.com/dana-cached/sc/JuniperSetupClient.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{53584C28-635F-4AB7-902E-9D6E14688C0D} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{53584C28-635F-4AB7-902E-9D6E14688C0D}\E6564776561627 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{EACA20F4-AFDB-4B70-ACC0-D4338E6BF3CC} : DhcpNameServer = 192.168.1.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\lwiniarski\appdata\roaming\mozilla\firefox\profiles\u403bwti.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/customer/start/?attr=mm&cid=insDate09222011 FF - prefs.js: network.proxy.ftp - 192.168.1.87 FF - prefs.js: network.proxy.ftp_port - 80 FF - prefs.js: network.proxy.gopher - 192.168.1.87 FF - prefs.js: network.proxy.gopher_port - 80 FF - prefs.js: network.proxy.http - 192.168.1.87 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.socks - 192.168.1.87 FF - prefs.js: network.proxy.socks_port - 80 FF - prefs.js: network.proxy.ssl - 192.168.1.87 FF - prefs.js: network.proxy.ssl_port - 80 FF - prefs.js: network.proxy.type - 0 FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext . ============= SERVICES / DRIVERS =============== . R1 NEOFLTR_700_16007;Juniper Networks TDI Filter Driver (NEOFLTR_700_16007);c:\windows\system32\drivers\NEOFLTR_700_16007.SYS [2010-6-24 84336] R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-4-24 146960] R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2011-4-25 198000] R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-6-15 57424] R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2010-10-20 262416] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2010-10-20 36624] R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-4-24 283152] R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\drivers\mstabbtn.sys [2007-3-9 10496] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-16 136176] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 EDSLSWCU;EDSLSWCU;c:\users\dwear\appdata\local\temp\edslswcu.exe --> c:\users\dwear\appdata\local\temp\EDSLSWCU.exe [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-16 136176] S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\37D4.tmp [2011-10-6 6144] . =============== Created Last 30 ================ . 2012-01-27 20:30:59 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3856f704-25c9-4109-8159-d45a71fd0e13}\offreg.dll 2012-01-27 19:34:11 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-27 18:57:43 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3856f704-25c9-4109-8159-d45a71fd0e13}\mpengine.dll 2012-01-26 14:48:11 -------- d-----w- c:\users\lwiniarski\appdata\roaming\9A721 2012-01-24 19:58:14 -------- d-----w- C:\9A721 2012-01-24 19:58:12 -------- d-----w- c:\program files\LP 2012-01-24 04:49:25 -------- d-----w- c:\users\lwiniarski\appdata\local\ID Vault 2012-01-24 04:49:25 -------- d-----w- c:\programdata\IsolatedStorage 2012-01-24 04:49:06 -------- d-----w- c:\users\lwiniarski\appdata\roaming\ID Vault 2012-01-24 04:48:48 -------- d-----w- c:\program files\Constant Guard Protection Suite 2012-01-24 04:47:32 -------- d-----w- c:\programdata\White Sky, Inc 2012-01-17 21:34:19 -------- d-----w- c:\program files\Bonjour . ==================== Find3M ==================== . 2012-01-27 19:24:47 102400 ----a-w- c:\windows\RegBootClean.exe 2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys 2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll 2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec 2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb . ============= FINISH: 15:43:04.75 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 12/21/2009 2:43:14 PM System Uptime: 1/27/2012 3:29:46 PM (0 hours ago) . Motherboard: Gateway | | Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz | uFCPGA2 | 2401/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 222 GiB total, 150.053 GiB free. D: is FIXED (NTFS) - 11 GiB total, 5.213 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: SASDIFSV Device ID: ROOT\LEGACY_SASDIFSV\0000 Manufacturer: Name: SASDIFSV PNP Device ID: ROOT\LEGACY_SASDIFSV\0000 Service: SASDIFSV . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: SASKUTIL Device ID: ROOT\LEGACY_SASKUTIL\0000 Manufacturer: Name: SASKUTIL PNP Device ID: ROOT\LEGACY_SASKUTIL\0000 Service: SASKUTIL . ==== System Restore Points =================== . RP337: 1/11/2012 3:00:13 AM - Windows Update RP338: 1/13/2012 4:18:24 AM - Windows Update RP339: 1/17/2012 4:40:28 AM - Windows Update RP340: 1/20/2012 10:50:44 AM - Windows Update RP341: 1/21/2012 6:59:43 PM - Windows Update RP342: 1/24/2012 12:36:30 AM - Windows Update RP343: 1/24/2012 3:00:12 AM - Windows Update RP344: 1/24/2012 5:59:39 AM - Windows Defender Checkpoint RP345: 1/27/2012 12:51:16 PM - Restore Operation . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP BiDi Channel Components Installer Acrobat.com Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader 9.2 Adobe Reader 9.4.4 Apple Application Support Apple Mobile Device Support Apple Software Update AVS Image Converter 1.3.2.141 AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 Bejeweled Blitz BlackBerry Desktop Software 5.0.1 BlackBerry Device Software Updater Comcast Desktop Software (v1.2.0.9) demoMailOutlookAddin2007 FastStone Image Viewer 3.0 FUJIFILM MyFinePix Studio 3.0 Google Earth Plug-in Google Update Helper GoToMeeting 4.8.0.723 iTunes Java Auto Updater Java 6 Update 22 Juniper Networks Cache Cleaner 6.5.0 Juniper Networks Host Checker Juniper Networks Network Connect 7.0.0 Juniper Networks Secure Application Manager Juniper Networks Secure Meeting 6.0.0 Juniper Networks Secure Meeting 6.5.0 Juniper Networks Secure Meeting 7.0.0 Juniper Networks Secure Meeting 7.1.0 Juniper Networks, Inc. Setup Client Malwarebytes Anti-Malware version 1.60.0.1800 Microsoft .NET Framework 4 Client Profile Microsoft Default Manager Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Live Meeting 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business 2007 Microsoft Office Word MUI (English) 2007 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Search Enhancement Pack Microsoft UI Engine Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2005 Tools for Office Runtime Mozilla Firefox (3.6.15) MSN Toolbar MSN Toolbar Platform Music Rescue PrintMaster Gold 4.00 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Scrabble v2.0 Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) ShoreTel Call Manager Simple Image Editor for Web Developers Texas Instruments PCIxx21/x515/xx12 drivers. TIPCI Trend Micro OfficeScan Client Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB2596560) Ven2008 Visual Studio 2005 Tools for Office Second Edition Runtime WebEx Windows Live ID Sign-in Assistant WinPcap 4.1.2 Wireshark 1.4.3 Yahoo! Messenger Yahoo! Search Protection Yahoo! Software Update . ==== Event Viewer Messages From Past Week ======== . 1/27/2012 3:35:24 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. 1/27/2012 3:30:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL 1/27/2012 3:30:38 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ATRIONCOMM due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. 1/27/2012 3:30:33 PM, Error: Service Control Manager [7000] - The Ati External Event Utility service failed to start due to the following error: The system cannot find the file specified. 1/27/2012 3:29:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TmProxy service. 1/27/2012 3:25:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service. 1/27/2012 3:25:17 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 1/27/2012 2:49:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 1/27/2012 2:49:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running. 1/27/2012 2:49:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. 1/27/2012 2:48:02 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/27/2012 2:47:03 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/27/2012 2:47:02 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/27/2012 10:26:49 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). 1/27/2012 1:13:24 PM, Error: Service Control Manager [7001] - The OfficeScan NT Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error: The system cannot find the file specified. 1/27/2012 1:13:24 PM, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: The system cannot find the file specified. 1/27/2012 1:13:09 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 1/27/2012 1:13:09 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed. 1/27/2012 1:13:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 1/27/2012 1:13:09 PM, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: There are no more endpoints available from the endpoint mapper. 1/27/2012 1:13:08 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 1/26/2012 12:16:31 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. 1/24/2012 8:56:04 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107. 1/24/2012 8:56:04 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. 1/24/2012 5:53:01 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: Not enough storage is available to process this command. 1/24/2012 5:22:08 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s). 1/24/2012 4:47:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running. 1/24/2012 4:45:37 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s). 1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/24/2012 4:45:37 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/24/2012 4:45:36 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/24/2012 12:28:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 1/24/2012 12:28:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 1/24/2012 12:28:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 1/24/2012 12:28:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/24/2012 12:28:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 1/24/2012 12:28:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr tmtdi Wanarpv6 1/24/2012 12:27:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc041ae30, 0xc0000185, 0xaf3f8860, 0x835c69c4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012412-36379-01. 1/24/2012 12:09:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL slcu spldr tmtdi Wanarpv6 1/24/2012 12:09:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x820d341d, 0x8b627b4c, 0x8b627730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012412-26644-01. 1/24/2012 12:05:17 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service. 1/24/2012 11:41:01 AM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command. 1/24/2012 10:34:32 AM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). 1/23/2012 5:33:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0419d70, 0xc0000185, 0x409cd860, 0x833ae9c4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012312-31028-01. 1/23/2012 5:09:53 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 1/23/2012 5:08:39 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 1/23/2012 11:49:13 PM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 1/23/2012 11:48:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 1/21/2012 6:42:25 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 1/21/2012 2:49:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x821d5000, 0x00000000, 0x890c47f0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012112-43664-01. . ==== End Of File ===========================
  2. I have also checked regedit & searched all programs that were listed: rpnqrdnm.exe runsrv32.exe tcpservice2.exe susp.exe users32.exe zserv.dll wstart.dll winflash.dll udpmod.dll runsrv32.dll questmod.dll pynix.dll jao.dll bridge.dll None of these or the Bittorrent apps were on my PC. Running Windows 7, IE8 version 8.0.7600.16385
  3. I am experiencing a number of issues over the last few days. It started with a Blue Screen of Death on Sunday. I have been running Malwarebytes somewhat frequently - now about 3-4 times a day. This morning it found 2 incidents that are repetitive: Trojan.fake.alert file and Trojan.fake.alert memory. File is C:\ProgramFiles\InternetExplorer\14DB.exe. After cleaning the two issues, I rebooted. I also run Trend Office Scan and it is blocking an event in my Registry, write operation HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell. This is occuring every 30 seconds to 1 minute, and Trend is blocking the activity. I reviewed other posts regarding the FakeAV and have run OTL. The logs are listed below. Any help is greatly appreciated. OTL logfile created on: 1/26/2012 10:35:17 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\lwiniarski\Downloads Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.56% Memory free 6.00 Gb Paging File | 4.82 Gb Available in Paging File | 80.36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221.84 Gb Total Space | 149.50 Gb Free Space | 67.39% Space Free | Partition Type: NTFS Drive D: | 11.05 Gb Total Space | 5.21 Gb Free Space | 47.20% Space Free | Partition Type: NTFS Computer Name: LAURIE-PC | User Name: lwiniarski | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\lwiniarski\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\LP\0819\1B53.exe () PRC - C:\Program Files\21E77\lvvm.exe () PRC - C:\Program Files\Internet Explorer\0B8.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe (Trend Micro Inc.) PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.) PRC - C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.) PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.) PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.) PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\LP\0819\1B53.exe () MOD - C:\Program Files\21E77\lvvm.exe () MOD - C:\Program Files\Internet Explorer\0B8.exe () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV - (X) -- File not found SRV - (WFXGRX) -- File not found SRV - (TKST) -- File not found SRV - (EDSLSWCU) -- File not found SRV - (Ati External Event Utility) -- File not found SRV - (JuniperAccessService) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks, Inc.) SRV - (tmlisten) -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (Trend Micro Inc.) SRV - (ntrtscan) -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (Trend Micro Inc.) SRV - (TmPfw) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (TmProxy) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Driver Services (SafeList) ========== DRV - (TmFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys (Trend Micro Inc.) DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys (Trend Micro Inc.) DRV - (VSApiNt) -- C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys (Trend Micro Inc.) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.) DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.) DRV - (NEOFLTR_700_16007) Juniper Networks TDI Filter Driver (NEOFLTR_700_16007) -- C:\Windows\System32\drivers\NEOFLTR_700_16007.SYS (Juniper Networks) DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks) DRV - (MEMSWEEP2) -- C:\Windows\System32\37D4.tmp (Sophos Plc) DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.) DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.) DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.) DRV - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) DRV - (MSTabBtn) -- C:\Windows\System32\drivers\mstabbtn.sys (Quanta Computer Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*;*.promys.com;<local>;*.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58707 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.xfinity.com/customer/start/?attr=mm&cid=insDate09222011" FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 FF - prefs.js..extensions.enabledItems: idvaultaddin@whitesky:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25 FF - prefs.js..network.proxy.ftp: "192.168.1.87" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "192.168.1.87" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "192.168.*,*.promys.com,localho,t,127.0.0.1,*.local" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "192.168.1.87" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "192.168.1.87" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 58707 FF - prefs.js..network.proxy.type: 1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/11 13:47:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/11 02:06:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/25 10:19:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/25 10:19:40 | 000,000,000 | ---D | M] [2011/02/01 09:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lwiniarski\AppData\Roaming\mozilla\Extensions [2011/02/01 09:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lwiniarski\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/02/01 09:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lwiniarski\AppData\Roaming\mozilla\Firefox\Profiles\u403bwti.default\extensions [2012/01/24 17:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/01/25 10:19:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011/02/11 13:47:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012/01/23 23:49:11 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\PROGRAMDATA\WHITE SKY, INC\ID VAULT\XPCOM3 [2012/01/25 10:19:38 | 000,025,560 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2012/01/25 10:19:38 | 000,140,760 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2012/01/25 10:19:39 | 000,067,032 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2011/04/14 02:39:02 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011/02/11 13:47:19 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2011/02/11 13:47:37 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2011/02/11 13:47:14 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2012/01/12 09:17:25 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2012/01/12 09:17:25 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2012/01/12 09:17:25 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2012/01/12 09:17:25 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2012/01/12 09:17:26 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2012/01/12 09:17:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2012/01/12 09:17:26 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2012/01/24 01:50:47 | 000,000,856 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 94.63.240.122 www.bing.com O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [0B8.exe] C:\Program Files\LP\0819\0B8.exe () O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: juniper.net ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: mypromys.com ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: promys.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: promys.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: promys.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: promys.com ([beta] http in Trusted sites) O15 - HKCU\..Trusted Domains: promys.com ([www] http in Trusted sites) O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://antigen:4343/officescan/console/html/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://antigen:4343/officescan/console/html/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.promys.com/viewer9/activeXViewer/activexviewer.cab (Crystal Report Viewer Control 9) O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} http://postavocale/shorewaredirector/clientinstall/ShoretelClientInstall.ocx (Shoretel SClientInstall) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://netcordia.webex.com/client/T27LB/nbr/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://neo.atrioncomm.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = atrioncomm.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53584C28-635F-4AB7-902E-9D6E14688C0D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EACA20F4-AFDB-4B70-ACC0-D4338E6BF3CC}: DhcpNameServer = 10.128.16.10 10.128.12.48 10.128.12.58 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) -C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) -C:\Windows\System32\livessp.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{cf95dd0b-3f52-11e0-ad1d-00e0b8d07081}\Shell - "" = AutoRun O33 - MountPoints2\{cf95dd0b-3f52-11e0-ad1d-00e0b8d07081}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/26 09:48:11 | 000,000,000 | ---D | C] -- C:\Users\lwiniarski\AppData\Roaming\9A721 [2012/01/24 14:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\21E77 [2012/01/24 14:58:14 | 000,000,000 | ---D | C] -- C:\9A721 [2012/01/24 14:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\LP [2012/01/23 23:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage [2012/01/23 23:49:25 | 000,000,000 | ---D | C] -- C:\Users\lwiniarski\AppData\Local\ID Vault [2012/01/23 23:49:06 | 000,000,000 | ---D | C] -- C:\Users\lwiniarski\AppData\Roaming\ID Vault [2012/01/23 23:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Constant Guard Protection Suite [2012/01/23 23:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc [2012/01/17 16:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/01/17 16:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/01/17 16:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/01/17 16:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/01/17 16:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2012/01/17 16:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012/01/10 17:45:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012/01/10 17:45:07 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012/01/10 17:45:07 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/26 10:37:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/01/26 09:47:32 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/01/26 08:01:23 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe [2012/01/26 06:22:04 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/26 06:22:04 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/26 06:21:05 | 000,671,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/01/26 06:21:05 | 000,121,564 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/01/26 06:14:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/26 06:14:21 | 2414,669,824 | -HS- | M] () -- C:\hiberfil.sys [2012/01/25 10:38:41 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/01/24 12:27:49 | 313,222,763 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/01/24 01:50:47 | 000,000,856 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/01/17 16:41:42 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/01/17 16:33:44 | 000,002,503 | ---- | M] () -- C:\Users\lwiniarski\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2012/01/17 16:33:44 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012/01/06 17:01:05 | 000,501,457 | ---- | M] () -- C:\Users\lwiniarski\Documents\outlookcontacttest.csv [2012/01/06 17:00:55 | 000,038,495 | ---- | M] () -- C:\Users\lwiniarski\AppData\Roaming\Comma Separated Values (Windows).ADR [2012/01/03 12:15:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/17 16:41:42 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/01/17 16:33:44 | 000,002,503 | ---- | C] () -- C:\Users\lwiniarski\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2012/01/17 16:33:44 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012/01/17 16:33:44 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2012/01/06 17:00:56 | 000,501,457 | ---- | C] () -- C:\Users\lwiniarski\Documents\outlookcontacttest.csv [2012/01/06 17:00:55 | 000,038,495 | ---- | C] () -- C:\Users\lwiniarski\AppData\Roaming\Comma Separated Values (Windows).ADR [2012/01/03 12:15:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/10/06 12:41:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/10/06 12:41:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/10/06 12:41:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/10/06 12:41:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/10/06 12:41:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/04/29 08:51:06 | 000,007,609 | ---- | C] () -- C:\Users\lwiniarski\AppData\Local\Resmon.ResmonCfg [2011/04/09 12:20:54 | 000,000,215 | ---- | C] () -- C:\Windows\PowerReg.dat [2011/02/22 21:50:03 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe [2011/02/22 12:13:18 | 000,000,052 | ---- | C] () -- C:\Windows\pixworks.ini [2011/02/01 09:43:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/01/28 08:43:36 | 000,000,321 | ---- | C] () -- C:\Windows\ulead32.ini [2010/09/29 10:24:49 | 000,000,000 | ---- | C] () -- C:\Windows\MSREGUSR.INI [2010/09/09 12:37:53 | 000,187,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2010/01/25 11:07:34 | 000,001,084 | ---- | C] () -- C:\Windows\cfgrs.ini [2010/01/25 11:07:34 | 000,000,134 | ---- | C] () -- C:\Windows\cfgrs_ex.ini [2010/01/12 11:16:49 | 000,008,830 | ---- | C] () -- C:\Windows\cfgall.ini [2010/01/05 14:55:08 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin [2009/12/21 17:21:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/12/21 14:53:31 | 000,000,484 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 23:33:53 | 000,451,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 000,671,476 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,121,564 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008/12/11 11:27:24 | 000,544,096 | ---- | C] () -- C:\Users\lwiniarski\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist [2008/12/11 10:53:20 | 008,243,720 | ---- | C] () -- C:\Users\lwiniarski\AppData\Roaming\com.kennettnet.MusicRescue4.plist [2007/04/11 00:45:54 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007/04/11 00:22:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007/03/06 20:04:54 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat ========== LOP Check ========== [2012/01/26 09:48:34 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\9A721 [2011/04/04 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\Elluminate [2012/01/23 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\ID Vault [2011/08/22 13:05:39 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\Juniper Networks [2010/01/05 14:55:00 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\Research In Motion [2011/02/23 10:12:29 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\ShoreWare Client [2010/09/22 08:43:54 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\TeamViewer [2011/01/28 09:32:23 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\Ulead Systems [2010/06/16 13:49:49 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\Uniblue [2011/11/09 10:17:16 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\webex [2011/02/01 10:55:44 | 000,000,000 | ---D | M] -- C:\Users\lwiniarski\AppData\Roaming\Wireshark [2012/01/24 14:12:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 1/26/2012 10:35:17 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\lwiniarski\Downloads Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.56% Memory free 6.00 Gb Paging File | 4.82 Gb Available in Paging File | 80.36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221.84 Gb Total Space | 149.50 Gb Free Space | 67.39% Space Free | Partition Type: NTFS Drive D: | 11.05 Gb Total Space | 5.21 Gb Free Space | 47.20% Space Free | Partition Type: NTFS Computer Name: LAURIE-PC | User Name: lwiniarski | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Shoreline Communications\ShoreWare Client\PCM.exe" = C:\Program Files\Shoreline Communications\ShoreWare Client\PCM.exe:*:Enabled:ShoreTel.PCM.App -- (ShoreTel Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0F9A1A4C-F215-4552-A68B-2E5E6874D01F}" = Ven2008 "{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{3364BD16-5A28-4862-86A1-A8FF5FD23919}" = Music Rescue "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CEAD321-98B1-4A0D-A260-9E8A64B4863D}" = ShoreTel Call Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{607398CF-354B-4E21-B1BC-549424BFD04C}" = TIPCI "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform "{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater "{6FE79FC8-51FF-480A-97A6-EA97AD88C9EE}" = Simple Image Editor for Web Developers "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{8C70B362-EA4F-45E1-889B-C83144601382}" = demoMailOutlookAddin2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007 "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007 "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2 "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4 "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1 "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9) "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "ActiveTouchMeetingClient" = WebEx "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVS Image Converter_is1" = AVS Image Converter 1.3.2.141 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "Bejeweled Blitz" = Bejeweled Blitz "BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "FastStone Image Viewer" = FastStone Image Viewer 3.0 "InstallShield_{607398CF-354B-4E21-B1BC-549424BFD04C}" = Texas Instruments PCIxx21/x515/xx12 drivers. "Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25) "MyFinePix Studio_is1" = FUJIFILM MyFinePix Studio 3.0 "Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager "OfficeScanNT" = Trend Micro OfficeScan Client "PrintMaster Gold 4.00" = PrintMaster Gold 4.00 "RealPlayer 12.0" = RealPlayer "Scrabble v2.0" = Scrabble v2.0 "SMALLBUSINESSR" = Microsoft Office Small Business 2007 "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.4.3 "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Search Defender" = Yahoo! Search Protection "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 4.8.0.723 "Juniper Secure Meeting 6.0.0" = Juniper Networks Secure Meeting 6.0.0 "Juniper Secure Meeting 6.5.0" = Juniper Networks Secure Meeting 6.5.0 "Juniper Secure Meeting 7.0.0" = Juniper Networks Secure Meeting 7.0.0 "Juniper Secure Meeting 7.1.0" = Juniper Networks Secure Meeting 7.1.0 "Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0 "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client "Neoteris_Host_Checker" = Juniper Networks Host Checker ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/22/2011 10:47:43 PM | Computer Name = LAURIE-PC.atrioncomm.com | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 11/23/2011 2:59:45 PM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Application Hang | ID = 1002 Description = The program DesktopMgr.exe version 5.0.1.37 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: bc0 Start Time: 01cca9e6cdce5e2e Termination Time: 109 Application Path: C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe Report Id: Error - 11/23/2011 2:59:46 PM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Application Hang | ID = 1002 Description = The program EXCEL.EXE version 12.0.6565.5003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1928 Start Time: 01ccaa055e7107aa Termination Time: 0 Application Path: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Report Id: Error - 11/23/2011 2:59:54 PM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Application Hang | ID = 1002 Description = The program OUTLOOK.EXE version 12.0.6562.5003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 14c4 Start Time: 01ccaa08f9d6555b Termination Time: 0 Application Path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Report Id: Error - 11/23/2011 5:17:20 PM | Computer Name = LAURIE-PC.atrioncomm.com | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "C:\Program Files\PointMarketing\demoMailOutlookAddin2007\demoMailOutlookAddin2007.dll.Manifest".Error in manifest or policy file "C:\Program Files\PointMarketing\demoMailOutlookAddin2007\demoMailOutlookAddin2007.dll.Manifest" on line 4. The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows. Error - 11/23/2011 5:17:23 PM | Computer Name = LAURIE-PC.atrioncomm.com | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11/23/2011 5:19:36 PM | Computer Name = LAURIE-PC.atrioncomm.com | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 11/25/2011 9:38:26 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "C:\Program Files\PointMarketing\demoMailOutlookAddin2007\demoMailOutlookAddin2007.dll.Manifest".Error in manifest or policy file "C:\Program Files\PointMarketing\demoMailOutlookAddin2007\demoMailOutlookAddin2007.dll.Manifest" on line 4. The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows. Error - 11/25/2011 9:38:29 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11/25/2011 9:40:34 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. [ OSession Events ] Error - 1/7/2010 6:02:17 PM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8520 seconds with 180 seconds of active time. This session ended with a crash. Error - 5/28/2010 1:43:32 PM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7406 seconds with 0 seconds of active time. This session ended with a crash. Error - 10/14/2011 3:23:32 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 50266 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 1/26/2012 7:14:48 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Service Control Manager | ID = 7000 Description = The Trend Micro WFP Callout Driver service failed to start due to the following error: %%1753 Error - 1/26/2012 7:14:50 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 1/26/2012 7:14:54 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL Error - 1/26/2012 7:15:24 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Service Control Manager | ID = 7000 Description = The Trend Micro WFP Callout Driver service failed to start due to the following error: %%2 Error - 1/26/2012 7:15:24 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Service Control Manager | ID = 7000 Description = The Trend Micro WFP Callout Driver service failed to start due to the following error: %%2 Error - 1/26/2012 7:15:24 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Service Control Manager | ID = 7001 Description = The OfficeScan NT Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error: %%2 Error - 1/26/2012 7:15:25 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Service Control Manager | ID = 7000 Description = The Trend Micro WFP Callout Driver service failed to start due to the following error: %%2 Error - 1/26/2012 7:15:25 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Service Control Manager | ID = 7001 Description = The OfficeScan NT Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error: %%2 Error - 1/26/2012 10:47:37 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 1/26/2012 11:15:22 AM | Computer Name = LAURIE-PC.atrioncomm.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain ATRIONCOMM due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. < End of report >
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.