
tat2ddeviant

Everything posted by tat2ddeviant

  1. Realized I created the other thread incorrectly, so doing it right this time. When trying to run windows updates getting a Windows update error 80244019 (among other odd behavior) Updated and ran Malwarebytes and ran in safe-mode, nothing found. Windows 7 Core i5 8GB Ram 256SSD DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.45.2 Run by arg at 15:07:28 on 2014-02-21 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8065.6072 [GMT -5:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k NetworkService C:\Program 
Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.Loader.exe C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe C:\Windows\system32\o2flash.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k regsvc C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\wbem\WmiApSrv.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 
C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Greenshot\Greenshot.exe C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files\UltraMon\UltraMon.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\UltraMon\UltraMonUiAcc.exe C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program 
Files\Synergy\synergyc.exe C:\Windows\SysWOW64\atashost.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: 
[uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey mRun: [bCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\arg\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoReadingPane = dword:1 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 
mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll Trusted Zone: cbord.com Trusted Zone: live.com Trusted Zone: salesforce.com Trusted Zone: sharepoint.com Trusted Zone: webex.com DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\arg\AppData\Local\Temp\f5tmp\urxvpn.cab DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\arg\AppData\Local\Temp\f5tmp\f5tunsrv.cab DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\arg\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1 DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - C:\Users\arg\AppData\Local\Temp\f5tmp\urxshost.cab DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\arg\AppData\Local\Temp\f5tmp\urxhost.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{21EF0F4B-D0D6-4AE5-926B-46BFDFBDA3AF} : DHCPNameServer = 10.1.1.85 TCP: 
Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}\35B495E454450274C4F42414C40244546454E4355402E4544575F425B4 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}\35F6D6D656273456E6475627 : DHCPNameServer = 10.3.11.8 10.3.11.9 TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}\74F425D414E4 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}\75943544F4D43574F4C44454E425F444 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}\75943544F4D43574F4C44454E425F44423 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C2E84BB2-B7C1-445F-BD17-12AF6F2A56CD} : DHCPNameServer = 192.168.1.1 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program 
Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: PCANotify - PCANotify.dll Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows 
Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [intelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll x64-Filter: 
application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft 
Office\Office14\GROOVEEX.DLL Hosts: 10.1.1.12 fileserver01ny.cbord.com fileserver01ny Hosts: 10.1.1.11 fileserver02ny.cbord.com fileserver02ny Hosts: 10.1.1.12 cfs.cbord.com Hosts: 10.1.1.33 citrix.cbord.com citrix Hosts: 10.1.1.26 ssrs.cbord.com ssrs . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\arg\AppData\Roaming\Mozilla\Firefox\Profiles\x2rzjsox.default\ FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\arg\AppData\Roaming\Mozilla\plugins\npatgpc.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll . 
---- FIREFOX POLICIES ---- Code: Select all FF - user.js: noscript.untrusted - ad.linkstorms.com adbrite.com adbureau.net addynamix.com adgardener.com ads.alphatrade.com ads.forbes.com ads.pointroll.com ads.reason.com ads.space.com ads1.msn.com adsonar.com adtech.de adtology3.com advertising.com adzones.com afy11.net blogads.com doubleclick.net getclicky.com google-analytics.com googleadservices.com googlesyndication.com hitbox.com quantserve.com serving-sys.com specificclick.net statcounter.com tacoda.net zedo.com hxxp://adbrite.com http://adbureau.net http://addynamix.com http://adgardener.com http://adsonar.com http://adtech.de http://adtology3.com http://advertising.com http://adzones.com http://afy11.net http://blogads.com http://doubleclick.net http://getclicky.com http://google-analytics.com http://googleadservices.com http://googlesyndication.com http://hitbox.com http://quantserve.com http://serving-sys.com http://specificclick.net http://statcounter.com http://tacoda.net http://zedo.com https://adbrite.com https://adbureau.net https://addynamix.com https://adgardener.com https://adsonar.com https://adtech.de https://adtology3.com https://advertising.com https://adzones.com https://afy11.net https://blogads.com https://doubleclick.net https://getclicky.com https://google-analytics.com https://googleadservices.com https://googlesyndication.com https://hitbox.com https://quantserve.com https://serving-sys.com https://specificclick.net https://statcounter.com https://tacoda.net https://zedo.com ============= SERVICES / DRIVERS =============== . 
R0 CredFltL;CredFltL;C:\Windows\System32\drivers\CredFltL.sys [2013-1-28 36608] R0 CredFltU;CredFltU;C:\Windows\System32\drivers\CredFltU.sys [2013-1-28 18688] R0 fsh;fsh;C:\Windows\System32\drivers\fsh.sys [2013-12-11 68800] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-24 20024] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-3-24 22128] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\SymDS64.sys [2013-10-20 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\SymEFA64.sys [2013-10-20 1147480] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx64.sys [2014-2-4 1526488] R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE06000.01B\ccsetx64.sys [2013-10-17 162392] R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE};Symantec Endpoint Protection 12.1.4013.4013.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [2013-10-20 169048] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-4-25 87600] R1 NEOFLTR_7113_22557;Juniper Networks TDI Filter Driver (NEOFLTR_7113_22557);C:\Windows\System32\drivers\NEOFLTR_7113_22557.SYS [2013-9-23 99192] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.sys [2013-10-20 224856] R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\symnets.sys [2013-10-20 437336] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152] R2 atashost;WebEx Service 
Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-4-3 120848] R2 BCWipeSvc;BCWipe service;C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe [2013-12-11 87840] R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-12-2 1043872] R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-12-2 36768] R2 CredMgmtAgent;CREDANT Manager Agent;C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.exe [2013-1-28 1854304] R2 CredMgmtLoader;CREDANT Manager Loader;C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.Loader.exe [2013-1-28 17760] R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-15 2280504] R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-24 13632] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-3-24 189608] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-24 166432] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-23 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-23 701512] R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\nst.exe [2013-10-17 
129424] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424] R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [2013-10-20 144368] R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-24 365600] R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-6-19 557968] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-8-23 3342640] R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2013-3-24 292864] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-3-24 176096] R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2013-3-24 45672] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-2-7 137648] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-24 331264] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-24 358456] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-24 791608] R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-10-9 25528] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-23 25928] R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2013-3-24 84712] R3 ST_ACCEL;STMicroelectronics Accelerometer 
Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2013-3-24 68208] R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2012-4-5 45776] R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\drivers\usb3Hub.sys [2012-10-9 47072] R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\drivers\xHCIPort.sys [2012-10-9 188896] S1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2013-2-18 390352] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2013-6-19 112080] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2014-1-6 17480] S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2014-1-6 9800] S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2013-6-13 18992] S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-5-18 33736] S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-10-9 35256] S3 MftWipeFilter;Jetico file system filter;C:\Windows\System32\drivers\MftWipeFilter.sys [2013-12-11 32960] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-8-23 272688] S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448] S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2013-3-24 72808] S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2013-3-24 
74984] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-3 19456] S3 RecFltr;Reclusa Keyboard;C:\Windows\System32\drivers\RecFltr.sys [2007-1-18 45440] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-3 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-3 1255736] S3 wbfcvusbdrv;WBF Control Vault;C:\Windows\System32\drivers\wbfcvusbdrv.sys [2011-12-2 15976] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088] S4 BCSWAP;BCSWAP;C:\Windows\System32\drivers\bcswap.sys [2013-12-11 124992] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . FileExt: .txt: Applications\TextPad.exe="C:\Program Files (x86)\TextPad 7\TextPad.exe" -s "%1" [userChoice] . =============== Created Last 30 ================ . 
==================== Find3M ====================
.
============= FINISH: 15:07:39.78 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2013 2:34:57 PM
System Uptime: 2/21/2014 3:02:44 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0CPWYR
Processor: Intel® Core i5-3230M CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 77.852 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0002
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0002
Service: vpnva
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&424B243&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&424B243&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
==== Installed Programs ======================
.
==== Event Viewer Messages From Past Week ========
.
2/21/2014 3:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/21/2014 3:03:18 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
2/21/2014 3:03:10 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain CBORDNT due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
2/21/2014 3:02:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: awlegacy Gernuwa UimBus Uim_IM Uim_VIM
2/21/2014 3:02:54 PM, Error: Service Control Manager [7001] - The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
2/21/2014 3:02:54 PM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
2/21/2014 3:02:46 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\awlegacy.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/21/2014 2:39:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2014 2:39:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/21/2014 2:39:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/21/2014 2:39:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/21/2014 2:39:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/21/2014 2:37:28 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2014 2:35:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2014 2:35:48 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
2/21/2014 2:35:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: awlegacy BHDrvx64 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE} ccSet_NST ctxusbm discache eeCtrl Gernuwa SASDIFSV SASKUTIL spldr SRTSP SRTSPX SymIRON SYMNETS UimBus Uim_IM Uim_VIM Wanarpv6
2/21/2014 2:35:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
2/21/2014 2:15:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2014 2:15:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/21/2014 2:15:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/21/2014 2:14:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD awlegacy BHDrvx64 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE} ccSet_NST CSC ctxusbm DfsC discache eeCtrl Gernuwa NEOFLTR_7113_22557 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSP SRTSPX SymIRON SYMNETS tdx UimBus Uim_IM Uim_VIM vwififlt Wanarpv6 WfpLwf
2/21/2014 2:14:56 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2014 2:14:56 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2014 2:14:56 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2014 2:14:56 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2014 2:14:56 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2014 2:14:56 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2014 2:14:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2014 2:14:56 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
2/21/2014 2:14:56 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2014 2:14:56 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/21/2014 1:24:34 PM, Error: Microsoft-Windows-GroupPolicy [1030] - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
2/20/2014 8:42:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
2/20/2014 8:33:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZeroConfigService service.
2/20/2014 8:33:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
2/20/2014 8:32:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service.
2/20/2014 8:32:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
2/20/2014 8:32:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
2/20/2014 8:31:38 AM, Error: Service Control Manager [7000] - The Symantec Management Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/20/2014 8:31:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Symantec Management Client service to connect.
2/20/2014 8:31:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
2/17/2014 2:56:19 PM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
2/15/2014 5:08:32 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
.
==== End Of File ===========================
  2. Getting a Windows update error 80244019. Updated and ran Malwarebytes and ran in safe mode, nothing found. Little help..? Windows 7, Core i5, 8 GB RAM, 256 SSD. Thanks, -Tat
  3. Full scan came up clean, everything is working beautifully. Just no sec. update. Ran Roguekiller, and found zeroaccess trojan (which RK took care of nicely), MS Sec update was finally able to run. Think I'm in the clear.. THANKS FOR ALL YOUR HELP..!!!!
  4. Well, the IP address blocking seems to have stopped, but I'm still unable to run MS security updates. I'm guessing that's pointing to a larger issue..?
  5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Professional x64
Ran by arg on Thu 10/03/2013 at 9:33:39.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358060857-1380795615-1237804090-2007\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\user.js
Successfully deleted: [File] C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\extensions\staged
Successfully deleted the following from C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\prefs.js
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
Emptied folder: C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\minidumps [42 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/03/2013 at 9:37:41.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.006 - Report created 03/10/2013 at 09:42:26
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : arg - ARG
# Running from : C:\Users\arg\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\arg\AppData\Roaming\Mozilla\Firefox\Profiles\x2rzjsox.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1148 octets] - [03/10/2013 09:40:05]
AdwCleaner[R1].txt - [880 octets] - [03/10/2013 09:42:10]
AdwCleaner[s0].txt - [1150 octets] - [03/10/2013 09:40:52]
AdwCleaner[s1].txt - [802 octets] - [03/10/2013 09:42:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [861 octets] ##########

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-1358060857-1380795615-1237804090-2007\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "http://start.sweetpa...06.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031}&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "https://timesaver.ad...1s/TS/login.php" removed from browser.startup.homepage
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
File C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\searchplugins\sweetim.xml not found.
Folder C:\Users\arg\AppData\Roaming\uTorrent\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\arg\Desktop\cmd.bat deleted successfully.
C:\Users\arg\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 158616837 bytes
->Temporary Internet Files folder emptied: 12046933 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 598 bytes

User: All Users

User: arg
->Temp folder emptied: 2290709 bytes
->Temporary Internet Files folder emptied: 13208050 bytes
->Java cache emptied: 434559 bytes
->FireFox cache emptied: 31944550 bytes
->Flash cache emptied: 717 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: setup

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4206460 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43216639 bytes
RecycleBin emptied: 16450932 bytes

Total Files Cleaned = 269.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10032013_094912

Files\Folders moved on Reboot...
C:\Users\arg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\arg\AppData\Local\Temp\~DF36723F4D315EFDFA.TMP not found!
C:\Users\arg\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\wbxtra_10032013_094527.wbt moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  6. OTL Extras logfile created on: 10/3/2013 9:07:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\arg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 71.18% Memory free
15.75 Gb Paging File | 13.38 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.70 Gb Total Space | 135.98 Gb Free Space | 57.21% Space Free | Partition Type: NTFS

Computer Name: ARG | User Name: arg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator
"%systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify" = %systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"1333:UDP:localsubnet:enabled:Password Policy Enforcer" = 1333:UDP:localsubnet:enabled:Password Policy Enforcer

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = c:\windows\firewall.log
"LogFileSize" = 4096

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet,10.1.0.0/21,172.20.0.0/16

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"%programfiles%\Messenger\msmsgs.exe:*:enabled:Messenger" = %programfiles%\Messenger\msmsgs.exe:*:enabled:Messenger
"%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator
"%systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify" = %systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled: Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled: Offer Remote Assistance
"%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance" = %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance" = 135:TCP:*:Enabled:Offer Remote Assistance
"2967:UDP:*:enabled:Symantec AV Rtvscan" = 2967:UDP:*:enabled:Symantec AV Rtvscan
"38293:UDP:*:enabled:Symantec AV LiveUpdate" = 38293:UDP:*:enabled:Symantec AV LiveUpdate
"1333:UDP:localsubnet:enabled:Password Policy Enforcer" = 1333:UDP:localsubnet:enabled:Password Policy Enforcer

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = c:\windows\firewall.log
"LogFileSize" = 4096

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator
"%systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify" = %systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"1333:UDP:localsubnet:enabled:Password Policy Enforcer" = 1333:UDP:localsubnet:enabled:Password Policy Enforcer

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = c:\windows\firewall.log
"LogFileSize" = 4096

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet,10.1.0.0/21,172.20.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"%programfiles%\Messenger\msmsgs.exe:*:enabled:Messenger" = %programfiles%\Messenger\msmsgs.exe:*:enabled:Messenger
"%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator
"%systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify" = %systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled: Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled: Offer Remote Assistance
"%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance" = %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance" = 135:TCP:*:Enabled:Offer Remote Assistance
"2967:UDP:*:enabled:Symantec AV Rtvscan" = 2967:UDP:*:enabled:Symantec AV Rtvscan
"38293:UDP:*:enabled:Symantec AV LiveUpdate" = 38293:UDP:*:enabled:Symantec AV LiveUpdate
"1333:UDP:localsubnet:enabled:Password Policy Enforcer" = 1333:UDP:localsubnet:enabled:Password Policy Enforcer

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = c:\windows\firewall.log
"LogFileSize" = 4096

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B7FB37E-8EF9-4AF3-8009-1ED580D2DB19}," = lport=3389 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104AFA5B-454D-48B4-A5C0-86584122A2B0}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |
"{11A9CFAB-C576-4411-88AA-4F95B7730A66}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |
"{19D0B929-0320-4796-AC62-572A0DF2CB7B}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |
"{4450DF7D-7033-4C2B-BDC6-B5865AAA3A59}" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |
"{508BD393-73BC-4BA5-BC03-A16FF8536CED}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{60398DDD-C2F9-4CAB-A9EB-43E2B19BD7F8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6DB9373E-0B2B-42D6-BAAB-1C2D9FD03D32}" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |
"{E3FA80C6-BC94-4976-9AE4-5C2913027C78}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E46FB5F7-EF26-4FDA-A01D-0CC66249F03A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E643C8C1-2E8B-4E97-80D9-8A9D19487525}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{02E458DC-36B2-47AD-8E20-840232BF4654}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{2C571B04-4C7C-4168-958E-2D6C6BC394FD}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{52053458-D910-41DA-A42E-3504562ADF3B}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |
"TCP Query User{77286718-53C1-4779-A57B-EC1F62763B51}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{81B909F0-6B4E-4B3B-BE0A-DBDEB87A5F89}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |
"UDP Query User{010BFD36-18DC-4CEF-9F92-A4DA6DE693B9}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{07076B4A-8E90-4FD9-8313-5739060EDE27}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |
"UDP Query User{1AC5ADE3-DB62-441A-A75D-8211AE468574}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |
"UDP Query User{69E6C105-7DAD-467D-8A44-B1088BBECAB7}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{6F7DDD8F-6A0E-4597-B5E6-0B5EDE028BD3}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2CDF9857-2CC5-423C-8415-F2D796517C7F}" = Dell ControlVault Host Components Installer 64 bit
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel® WiDi
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel® Network Connections 16.8.45.00
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DEFE980-DF48-477A-B6E4-D30CEA0D31EA}" = CREDANT Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client
"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87C925D6-F6BF-4FBD-840B-53BAE2648B7B}" = Symantec Endpoint Protection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{39E35753-DE4A-419C-AB3D-DE38058C3103}" = 
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" = 
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}" = Dell Feature Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}" = SI TSS
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Greenshot_is1" = Greenshot 1.1.5.2643
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 16.8.45.00
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04566294-A6B6-4462-9721-031073EB3694}" = Dell Client System Update
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29466812-44FB-46B9-8D46-A9F45146EC99}" = Password Policy Client 7.01
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F53AC20-2D32-4341-9DA1-29DD40E2199E}" = TextPad 7
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}" = inSSIDer 3
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web) "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "ActiveTouchMeetingClient" = WebEx "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2 "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web "Dell Webcam Central" = Dell Webcam Central "F5 Networks Client Components" = BIG-IP Edge Client Components (All Users) "File Renamer - Basic" = File Renamer - Basic "FileZilla Client" = FileZilla Client 3.7.3 "Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.0 "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation) "Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.54 "Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager "OpenVPN" = OpenVPN 2.1_rc4 "PCDJ VJ" = PCDJ VJ "Synergy" = Synergy "VLC media player" = VLC media player 2.0.6 "WinLiveSuite" = Windows Live Essentials "WinZip" = WinZip ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Juniper_Setup_Client" = Juniper Networks, Inc. 
Setup Client "Juniper_Term_Services" = Juniper Terminal Services Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/23/2013 10:45:56 AM | Computer Name = ARG.cbord.com | Source = Symantec AntiVirus | ID = 16711753 Description = SONAR has generated an error: code 1: description: Heuristic Scan or Load Failure Error - 9/23/2013 10:50:06 AM | Computer Name = ARG.cbord.com | Source = SignInAssistant | ID = 0 Description = Error - 9/23/2013 11:28:01 AM | Computer Name = ARG.cbord.com | Source = WinMgmt | ID = 10 Description = Error - 9/23/2013 11:33:11 AM | Computer Name = ARG.cbord.com | Source = Symantec AntiVirus | ID = 16711753 Description = SONAR has generated an error: code 1: description: Heuristic Scan or Load Failure Error - 9/23/2013 11:36:12 AM | Computer Name = ARG.cbord.com | Source = SignInAssistant | ID = 0 Description = Error - 9/23/2013 11:41:45 AM | Computer Name = ARG.cbord.com | Source = Symantec AntiVirus | ID = 16711754 Description = SONAR has generated an error: code 0: description: Definition Failure Error - 9/23/2013 12:24:15 PM | Computer Name = ARG.cbord.com | Source = WinMgmt | ID = 10 Description = Error - 9/23/2013 12:26:48 PM | Computer Name = ARG.cbord.com | Source = WinMgmt | ID = 10 Description = Error - 9/23/2013 12:30:06 PM | Computer Name = ARG.cbord.com | Source = Symantec AntiVirus | ID = 16711753 Description = SONAR has generated an error: code 1: description: Heuristic Scan or Load Failure Error - 9/23/2013 12:33:14 PM | Computer Name = ARG.cbord.com | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 9/13/2013 8:54:27 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error - 9/13/2013 10:00:45 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/13/2013 10:00:45 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/13/2013 11:55:39 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/13/2013 11:55:39 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/13/2013 1:55:41 PM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/13/2013 1:55:41 PM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error - 9/13/2013 3:55:43 PM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/13/2013 3:55:43 PM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/13/2013 5:55:45 PM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. < End of report >
  7. Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
arg :: ARG [limited]

Protection: Enabled

10/3/2013 9:02:47 AM
mbam-log-2013-10-03 (09-02-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239919
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 10/3/2013 9:07:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\arg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 71.18% Memory free
15.75 Gb Paging File | 13.38 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.70 Gb Total Space | 135.98 Gb Free Space | 57.21% Space Free | Partition Type: NTFS

Computer Name: ARG | User Name: arg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/10/03 09:03:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\arg\Desktop\OTL.exe
PRC - [2013/07/16 09:09:33 | 000,136,784 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2013/06/27 15:44:02 | 012,108,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/28 22:22:56 | 000,017,760 | ---- | M] (CREDANT Technologies, Inc.) -- C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.Loader.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/10/22 20:29:42 | 000,365,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/10/22 20:29:42 | 000,278,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/10/22 20:29:40 | 000,166,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/10/16 09:54:28 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/05/30 15:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/05/30 15:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/06/17 16:31:22 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/06/14 20:43:20 | 000,538,112 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
PRC - [2007/06/14 20:43:20 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe

========== Modules (No Company Name) ==========

MOD - [2013/09/23 14:59:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/19 21:19:52 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\812063380a132051c054f5ca865f322e\IAStorUtil.ni.dll
MOD - [2013/09/19 21:19:52 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e218ecb21700f8ba41ec9d7415567388\IAStorCommon.ni.dll
MOD - [2013/09/19 21:14:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/09/19 21:13:57 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/19 21:13:48 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/09/19 21:13:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/19 21:13:42 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/09/19 21:13:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/09/19 21:13:37 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2007/06/14 20:43:20 | 000,947,200 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libeay32.dll
MOD - [2007/06/14 20:43:20 | 000,538,112 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
MOD - [2007/06/14 20:43:20 | 000,173,568 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libssl32.dll
MOD - [2007/06/14 20:43:20 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/01/28 22:22:56 | 001,854,304 | ---- | M] (CREDANT Technologies, Inc.) [Auto | Running] -- C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.exe -- (CredMgmtAgent)
SRV:64bit: - [2013/01/28 22:22:56 | 000,017,760 | ---- | M] (CREDANT Technologies, Inc.) [Auto | Running] -- C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.Loader.exe -- (CredMgmtLoader)
SRV:64bit: - [2012/08/23 17:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/08/23 17:04:28 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/08/23 17:04:00 | 000,629,040 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/08/23 17:03:14 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/08/15 17:38:04 | 002,280,504 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV:64bit: - [2012/07/27 11:54:18 | 000,636,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/02/13 12:20:00 | 000,313,856 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/12/02 14:03:00 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/12/02 14:03:00 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2011/11/16 15:47:22 | 000,244,328 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2011/11/09 18:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/01 09:34:49 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/26 10:12:10 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/16 09:09:33 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/10/22 20:29:42 | 000,365,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/10/22 20:29:42 | 000,278,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/10/22 20:29:40 | 000,166,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/05/30 15:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/05/11 10:42:24 | 001,643,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2012/02/08 21:42:52 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/06/17 16:31:26 | 002,591,232 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe -- (SmcService)
SRV - [2011/06/17 16:31:26 | 000,324,528 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe -- (SNAC)
SRV - [2011/06/17 16:31:22 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 15:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/06/14 20:43:20 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2003/05/29 11:00:00 | 000,106,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe -- (awhost32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/24 09:16:03 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/03/24 09:15:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/03/24 09:15:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/02/18 13:59:44 | 000,633,680 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2013/02/18 13:59:44 | 000,090,960 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2013/02/18 13:59:42 | 000,390,352 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2013/01/28 22:15:34 | 000,018,688 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CredFltU.sys -- (CredFltU)
DRV:64bit: - [2013/01/28 22:15:32 | 000,036,608 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CredFltL.sys -- (CredFltL)
DRV:64bit: - [2013/01/17 16:28:28 | 000,018,992 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2012/12/21 15:47:50 | 000,449,480 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/11/07 06:21:52 | 000,099,192 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NEOFLTR_7113_22557.SYS -- (NEOFLTR_7113_22557)
DRV:64bit: - [2012/10/16 09:53:20 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/10/16 09:53:20 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/10/16 09:53:20 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/10/09 19:48:52 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/10/09 19:48:52 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/10/09 19:48:50 | 000,188,896 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012/10/09 19:48:50 | 000,047,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2012/09/30 02:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 22:44:18 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/07/13 01:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/30 17:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/05/21 02:54:04 | 000,068,208 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ST_ACCEL.sys -- (ST_ACCEL)
DRV:64bit: - [2012/04/06 00:15:42 | 000,045,776 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2012/02/13 12:20:00 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/02/01 18:52:00 | 014,659,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/06 09:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/05 12:51:16 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/12/02 14:03:12 | 000,015,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wbfcvusbdrv.sys -- (wbfcvusbdrv)
DRV:64bit: - [2011/11/14 19:44:46 | 000,084,712 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/07/16 00:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/23 01:28:04 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011/06/17 16:31:28 | 000,928,888 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/06/17 16:31:28 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/06/17 16:31:28 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2011/06/17 16:31:28 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/06/17 16:31:26 | 000,745,592 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/06/17 16:31:26 | 000,170,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/04/25 01:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/01/03 18:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011/01/03 16:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/09/10 18:22:16 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/11/02 06:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 15:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 02:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 02:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/06/15 00:46:18 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2007/01/18 09:23:10 | 000,045,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RecFltr.sys -- (RecFltr)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2013/09/16 08:52:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20131002.022\ex64.sys -- (NAVEX15)
DRV - [2013/09/16 08:52:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20131002.022\eng64.sys -- (NAVENG)
DRV - [2013/08/27 08:21:33 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/07/19 14:47:08 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 13:00:16 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130924.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys --
(WIMMount) DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) DRV - [2003/04/21 14:08:44 | 000,010,901 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\AWLEGACY.sys -- (awlegacy) DRV - [2003/04/21 13:00:32 | 000,013,898 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\GERNUWA.sys -- (Gernuwa) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6062D0A2-0C25-42D2-BDF1-BF9BBC8F666F} IE:64bit: - HKLM\..\SearchScopes\{6062D0A2-0C25-42D2-BDF1-BF9BBC8F666F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{6062D0A2-0C25-42D2-BDF1-BF9BBC8F666F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://login.microsoftonline.com/ [binary data over 200 bytes] IE - 
HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://cbord.webex.com/mw0306ld/mywebex/default.do?siteurl=cbord IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F D6 A4 85 97 B8 CE 01 [binary data] IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..\SearchScopes,DefaultScope = {6062D0A2-0C25-42D2-BDF1-BF9BBC8F666F} IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031} IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://timesaver.adp.com/i17/hw1s/TS/login.php" FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1 FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1 FF - prefs.js..extensions.enabledAddons: tiletabs%40DW-dev:10.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0 FF - prefs.js..keyword.URL: "http://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031}&q=" FF - 
prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "https://timesaver.adp.com/i17/hw1s/TS/login.php" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle 
Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 09:34:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 09:34:46 | 000,000,000 | ---D | M] [2013/04/22 11:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arg\AppData\Roaming\mozilla\Extensions [2013/09/27 11:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arg\AppData\Roaming\mozilla\Firefox\Profiles\x2rzjsox.default\extensions [2013/05/16 15:22:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\arg\AppData\Roaming\mozilla\Firefox\Profiles\x2rzjsox.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013/05/21 15:28:08 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\arg\AppData\Roaming\mozilla\Firefox\Profiles\x2rzjsox.default\extensions\foxmarks@kei.com [2013/09/27 11:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arg\AppData\Roaming\mozilla\Firefox\Profiles\x2rzjsox.default\extensions\staged [2013/08/23 20:29:45 | 000,119,969 | ---- | M] () (No name found) -- C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\extensions\tiletabs@DW-dev.xpi [2013/07/31 04:13:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/07/26 20:36:05 | 000,001,793 | ---- | M] () -- 
C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\searchplugins\Bing.xml [2013/07/28 04:00:19 | 000,001,720 | ---- | M] () -- C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\searchplugins\sweetim.xml [2013/10/01 09:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/10/01 09:34:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/06/27 15:41:24 | 000,032,440 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll O1 HOSTS File: ([2013/07/11 13:47:35 | 000,002,129 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.1.1.12 fileserver01ny.cbord.com fileserver01ny O1 - Hosts: 10.1.1.11 fileserver02ny.cbord.com fileserver02ny O1 - Hosts: 10.1.1.12 cfs.cbord.com O1 - Hosts: 10.1.1.33 citrix.cbord.com citrix O1 - Hosts: 10.1.1.26 ssrs.cbord.com ssrs O1 - Hosts: 10.1.1.100 email.cbord.com email O1 - Hosts: 10.1.1.101 exchange01ny.cbord.com exchange01ny O1 - Hosts: 10.1.1.102 exchange02ny.cbord.com exchange02ny O1 - Hosts: 10.1.1.114 ares.cbord.com ares O1 - Hosts: 10.1.1.158 clear.cbord.com clear O1 - Hosts: 10.1.1.159 eclear.cbord.com eclear O1 - Hosts: 10.1.1.85 dc01ny.cbord.com dc01ny O1 - Hosts: 10.1.1.55 dc02ny.cbord.com dc02ny O1 - Hosts: 10.1.1.16 source.cbord.com source O1 - Hosts: 10.1.6.3 vulcan.cbord.com vulcan O1 - Hosts: 10.1.1.171 fd2.cbord.com fd2 O1 - Hosts: 10.1.1.78 fd8.cbord.com fd8 O1 - Hosts: 10.1.1.17 fms-auto-build.cbord.com fms-auto-build O1 - Hosts: 10.1.20.131 fit-dotnet.cbord.com fit-dotnet O1 - Hosts: 10.1.1.71 share.cbord.com share O1 - Hosts: 10.1.1.72 share.cbord.com share O1 - Hosts: 10.1.1.150 im.cbord.com im O1 - Hosts: 10.1.1.149 im01.cbord.com im01 O1 - Hosts: 10.1.0.225 confluence.cbord.com confluence O1 - Hosts: 32 more lines... 
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe (Greenshot) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007..\Run: [synergy Client] "C:\Program Files\Synergy\synergyc.exe" --no-daemon --debug WARNING --name ARG 192.168.1.51:24800 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk = File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present O7 - 
HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoReadingPane = 1 O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: cbord.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: cbord.com ([share] https in Local intranet) O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: dynamics.com ([*.crm] * in Trusted sites) O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: live.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: salesforce.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: sharepoint.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: webex.com ([]* in Trusted sites) O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\arg\AppData\Local\Temp\f5tmp\urxvpn.cab (F5 Networks VPN Manager) O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} 
C:\Users\arg\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control) O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\arg\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1 (F5 Networks Auto Update) O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\arg\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cbord.webex.com/client/T27LB/support/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\arg\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.coloradocollege.edu/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.85 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cbord.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21EF0F4B-D0D6-4AE5-926B-46BFDFBDA3AF}: DhcpNameServer = 10.1.1.85 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2E84BB2-B7C1-445F-BD17-12AF6F2A56CD}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: 
- Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\Windows\SysWow64\PCANotify.dll (Symantec Corporation) O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5c5f710c-bf9f-11e2-86f9-74867a6cbe19}\Shell - "" = AutoRun O33 - MountPoints2\{5c5f710c-bf9f-11e2-86f9-74867a6cbe19}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe O33 - MountPoints2\{79520f59-0160-11e3-b7c1-463500000031}\Shell - "" = AutoRun O33 - MountPoints2\{79520f59-0160-11e3-b7c1-463500000031}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe O33 - MountPoints2\{79520f5a-0160-11e3-b7c1-463500000031}\Shell - "" = AutoRun O33 - MountPoints2\{79520f5a-0160-11e3-b7c1-463500000031}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{e9c363b6-adf1-11e2-8588-74867a6cbe19}\Shell - "" = AutoRun O33 - MountPoints2\{e9c363b6-adf1-11e2-8588-74867a6cbe19}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/10/03 09:03:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\arg\Desktop\OTL.exe [2013/10/01 12:30:48 | 000,589,896 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcSmartCardProv.dll [2013/10/01 12:30:48 | 000,421,448 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcCredProv.dll [2013/10/01 09:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/09/23 22:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits [2013/09/23 22:31:07 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013/09/23 22:30:29 | 000,000,000 | ---D | C] -- C:\Users\arg\Desktop\mbar [2013/09/23 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Greenshot [2013/09/23 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Local\Greenshot [2013/09/23 22:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot [2013/09/23 22:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot [2013/09/23 21:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/09/23 21:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/09/23 21:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/09/23 21:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/09/23 15:24:52 | 000,000,000 | -HSD | C] -- C:\$$PendingFiles [2013/09/23 13:17:31 | 000,000,000 | ---D | C] -- C:\Users\arg\Desktop\Mail Archive [2013/09/23 12:29:13 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Malwarebytes [2013/09/23 12:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/09/23 12:29:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2013/09/23 12:29:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/09/23 12:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/09/23 12:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/09/23 11:50:10 | 000,099,192 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\drivers\NEOFLTR_7113_22557.SYS [2013/09/23 11:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks [2013/09/23 11:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juniper Networks [2013/09/23 11:46:00 | 
000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks [2013/09/23 11:45:37 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Juniper Networks [2013/09/23 10:57:56 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Local\ElevatedDiagnostics [2013/09/23 10:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge [2013/09/23 10:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinMerge [2013/09/22 04:08:54 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2013/09/16 12:45:23 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\KiTTY [2013/09/16 09:41:56 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\FileZilla [2013/09/16 09:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2013/09/16 09:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2013/09/16 04:07:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013/09/13 14:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2013/09/13 14:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/09/13 14:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/09/13 14:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013/09/13 14:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013/09/11 10:41:16 | 000,000,000 | ---D | C] -- C:\_OCA [2013/09/06 12:39:44 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Free-PDF-to-Word.com [2013/09/05 04:56:15 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech Touch Mouse Server [2013/09/05 04:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech Touch Mouse Server [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/10/03 
09:03:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\arg\Desktop\OTL.exe [2013/10/03 05:55:28 | 000,131,072 | -HS- | M] () -- C:\CredSED.dat [2013/10/02 12:20:21 | 000,000,067 | ---- | M] () -- C:\Windows\synergy.sgc [2013/10/01 21:22:09 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/10/01 21:22:09 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/10/01 21:19:13 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/10/01 21:19:13 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/10/01 21:19:13 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/10/01 21:14:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/10/01 21:14:51 | 2047,963,135 | -HS- | M] () -- C:\hiberfil.sys [2013/10/01 12:42:03 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.SDY [2013/10/01 12:41:58 | 000,002,278 | -H-- | M] () -- C:\Users\arg\Documents\Default.rdp [2013/09/27 20:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/09/25 11:39:30 | 000,005,506 | RHS- | M] () -- C:\Users\arg\ntuser.pol [2013/09/23 22:37:05 | 000,000,298 | ---- | M] () -- C:\Users\arg\Desktop\fix.cmd [2013/09/23 21:24:28 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/09/23 15:02:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013/09/23 15:02:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013/09/23 13:34:58 | 000,000,542 | ---- | M] () -- C:\Users\arg\Desktop\SiteLogins.lnk [2013/09/23 12:45:46 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/09/22 16:41:38 | 007,556,660 | ---- | M] () -- C:\Users\arg\Desktop\X1222USB_X1832USB_P0A0I_OI_EN_ES_FR.pdf [2013/09/19 21:10:35 | 000,418,768 | 
---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/09/16 09:41:52 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2013/09/16 04:05:23 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/09/23 22:37:05 | 000,000,298 | ---- | C] () -- C:\Users\arg\Desktop\fix.cmd [2013/09/23 21:24:28 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/09/23 20:34:28 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2013/09/23 15:02:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013/09/23 15:02:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013/09/23 13:34:58 | 000,000,542 | ---- | C] () -- C:\Users\arg\Desktop\SiteLogins.lnk [2013/09/23 12:45:46 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/09/22 16:39:55 | 007,556,660 | ---- | C] () -- C:\Users\arg\Desktop\X1222USB_X1832USB_P0A0I_OI_EN_ES_FR.pdf [2013/09/16 09:41:52 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2013/09/01 18:52:33 | 000,000,037 | -HS- | C] () -- C:\Users\arg\AppData\Local\70149b02515b3bb20dd492.47983420 [2013/06/13 16:08:11 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI [2013/05/17 20:43:51 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2013/05/17 20:43:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2013/05/17 20:43:51 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2013/05/17 20:43:51 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013/05/17 20:43:49 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2013/04/26 12:05:53 | 000,121,681 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe [2013/04/22 09:06:58 | 000,005,506 | RHS- 
| C] () -- C:\Users\arg\ntuser.pol [2013/04/03 12:18:07 | 000,029,522 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013/03/24 09:10:11 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2013/03/24 09:10:10 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2013/03/24 09:10:08 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013/03/24 09:10:06 | 013,007,360 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012/07/27 11:36:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2013/03/24 09:16:00 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{8a6d475c-e0e7-6dd4-bee6-d26a961e4324}\L [2013/06/11 01:35:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{8a6d475c-e0e7-6dd4-bee6-d26a961e4324}\U [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | 
---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/04/03 10:02:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient [2013/04/03 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wave Systems Corp [2013/04/23 17:12:12 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\AusLogics [2013/10/03 01:10:17 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\FileZilla [2013/09/06 12:39:44 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\Free-PDF-to-Word.com [2013/09/23 22:08:40 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\Greenshot [2013/04/22 12:25:50 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\Helios [2013/07/26 09:14:57 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\HTC [2013/09/23 15:23:02 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\ICAClient [2013/10/01 12:30:50 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\Juniper Networks [2013/09/16 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\KiTTY [2013/09/27 18:45:24 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\Mp3tag [2013/05/27 16:21:24 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\SystemRequirementsLab [2013/09/23 12:26:09 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\uTorrent [2013/06/14 
14:53:38 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\webex [2013/05/18 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report >
  8. Elaborating on hosts file hijacks. Those are from a (currently connected) VPN connection.
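The DDS log in the next post lists five `Hosts:` overrides (all `*.cbord.com` names pinned to `10.1.1.x`), and the poster says they come from the VPN. That is plausible, but it is worth separating a VPN's legitimate pins from the patterns a hosts-file hijack produces: an update or AV domain blackholed at `127.0.0.1`/`0.0.0.0`, a public site pinned to a public address, or the same name mapped to two different addresses. The script below is an added example, not the poster's or the forum's tooling; it parses the `Hosts:` lines the way DDS prints them and applies those checks. The watched-domain list and the `vpn_suffix` parameter are assumptions for illustration, and the sample excerpt reuses the five real lines from the log plus three constructed lines that show what a hijack would look like.

```python
"""Triage the 'Hosts:' lines from a DDS log (added example, not from the thread).

DDS prints every non-default hosts-file mapping as 'Hosts: <ip> <name> [alias ...]'.
A corporate VPN client legitimately pins internal names to RFC 1918 addresses;
a hijack usually looks different: an update or AV domain blackholed at
127.0.0.1/0.0.0.0, a public site pinned to a public address, or one name
mapped to two different addresses. This script separates the two cases.
"""
import ipaddress
import re
from collections import defaultdict

# Domains malware commonly blocks or redirects through the hosts file.
# Assumption: illustrative list, not a vendor feed.
WATCHED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "microsoft.com",
    "malwarebytes.org", "symantec.com", "symantecliveupdate.com",
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOSTS_LINE = re.compile(r"^Hosts:\s+(\S+)\s+(.+?)\s*$")

# Constructed sample: the first five 'Hosts:' lines are the ones DDS printed in
# the thread's log; the last three are invented to show what a hijack looks like.
SAMPLE_DDS_EXCERPT = """\
x64-SSODL: WebCheck - <orphaned>
Hosts: 10.1.1.12 fileserver01ny.cbord.com fileserver01ny
Hosts: 10.1.1.11 fileserver02ny.cbord.com fileserver02ny
Hosts: 10.1.1.12 cfs.cbord.com
Hosts: 10.1.1.33 citrix.cbord.com citrix
Hosts: 10.1.1.26 ssrs.cbord.com ssrs
Hosts: 127.0.0.1 update.microsoft.com
Hosts: 198.51.100.23 www.example.com
Hosts: 10.1.1.40 citrix.cbord.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
"""


def parse_hosts_lines(log_text):
    """Return [(ip_text, [names...]), ...] for every 'Hosts:' line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).split()))
    return entries


def _under(name, suffixes):
    """True when name equals one of the suffixes or is a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in suffixes)


def classify_entry(ip_text, names, vpn_suffix=None):
    """Reasons one hosts mapping deserves a second look (empty list = benign)."""
    reasons = []
    lnames = [n.lower() for n in names]
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return [f"unparseable address {ip_text!r}"]
    watched = [n for n in lnames if _under(n, WATCHED_SUFFIXES)]
    if watched:
        reasons.append("overrides update/AV domain(s): " + ", ".join(watched))
    if ip.is_loopback or ip.is_unspecified:
        # 127.0.0.1 / 0.0.0.0 for anything but localhost blackholes the name
        if any(n != "localhost" for n in lnames):
            reasons.append(f"blackholes the name at {ip}")
    elif any(ip in net for net in RFC1918):
        # Private address: benign when it belongs to the VPN's stated domain
        if vpn_suffix and not any(_under(n, (vpn_suffix.lower(),)) for n in lnames):
            reasons.append(f"private address {ip} for a name outside {vpn_suffix}")
    else:
        reasons.append(f"pins the name to public address {ip}")
    return reasons


def triage(log_text, vpn_suffix=None):
    """Return (flagged, conflicts).

    flagged:   [(ip_text, names, reasons)] for mappings with at least one reason
    conflicts: {name: sorted distinct addresses} for names mapped more than once
    """
    flagged = []
    seen = defaultdict(set)
    for ip_text, names in parse_hosts_lines(log_text):
        for n in names:
            seen[n.lower()].add(ip_text)
        reasons = classify_entry(ip_text, names, vpn_suffix)
        if reasons:
            flagged.append((ip_text, names, reasons))
    conflicts = {n: sorted(ips) for n, ips in seen.items() if len(ips) > 1}
    return flagged, conflicts


if __name__ == "__main__":
    flagged, conflicts = triage(SAMPLE_DDS_EXCERPT, vpn_suffix="cbord.com")
    for ip_text, names, reasons in flagged:
        print(f"{ip_text:15} {' '.join(names)}\n    " + "\n    ".join(reasons))
    for name, ips in conflicts.items():
        print(f"conflict: {name} -> {', '.join(ips)}")
```

Run against the five real lines only, the script reports nothing, which is consistent with the VPN explanation; the three constructed lines each trip a different check. The `vpn_suffix` argument is what turns "private address" from a finding into an expected result, so it should be set to whatever domain the VPN client is documented to pin, not guessed from the log itself.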
  9. Hi Borislav. Here are the requested log files: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.40.2 Run by arg at 8:31:14 on 2013-10-03 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8065.5200 [GMT -4:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k NetworkService C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.Loader.exe C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files\Intel\iCLS Client\HeciServer.exe 
C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\o2flash.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\Explorer.EXE C:\Windows\system32\wbem\WmiApSrv.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Greenshot\Greenshot.exe C:\Program Files\UltraMon\UltraMon.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe 
C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files\UltraMon\UltraMonUiAcc.exe C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Windows\SysWOW64\atashost.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe C:\Program Files (x86)\OpenVPN\bin\openvpn.exe C:\Program Files (x86)\Microsoft Lync\communicator.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Microsoft Lync\UcMapi64.exe C:\Program Files\Synergy\synergyc.exe C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe C:\PROGRA~2\WINZIP\winzip32.exe C:\Program Files (x86)\TextPad 7\TextPad.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [synergy Client] "C:\Program Files\Synergy\synergyc.exe" --no-daemon --debug WARNING --name ARG 192.168.1.51:24800 mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoReadingPane = dword:1 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-System: 
ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: cbord.com Trusted Zone: live.com Trusted Zone: salesforce.com Trusted Zone: sharepoint.com Trusted Zone: webex.com DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\arg\AppData\Local\Temp\f5tmp\urxvpn.cab DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\arg\AppData\Local\Temp\f5tmp\f5tunsrv.cab DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\arg\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1 DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - C:\Users\arg\AppData\Local\Temp\f5tmp\urxshost.cab DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\arg\AppData\Local\Temp\f5tmp\urxhost.cab TCP: NameServer = 10.1.1.85 TCP: Interfaces\{21EF0F4B-D0D6-4AE5-926B-46BFDFBDA3AF} : DHCPNameServer = 10.1.1.85 TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}\35F6D6D656273456E6475627 : DHCPNameServer = 10.3.11.8 10.3.11.9 TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}\3626F62746D2770716 : DHCPNameServer = 10.1.1.85 10.1.1.91 TCP: 
Interfaces\{C2E84BB2-B7C1-445F-BD17-12AF6F2A56CD} : DHCPNameServer = 192.168.1.1 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: PCANotify - PCANotify.dll Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [intelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless x64-Run: [igfxTray] 
C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: 
application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL Hosts: 10.1.1.12 fileserver01ny.cbord.com fileserver01ny Hosts: 10.1.1.11 fileserver02ny.cbord.com fileserver02ny Hosts: 10.1.1.12 cfs.cbord.com Hosts: 10.1.1.33 citrix.cbord.com citrix Hosts: 10.1.1.26 ssrs.cbord.com ssrs . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\arg\AppData\Roaming\Mozilla\Firefox\Profiles\x2rzjsox.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\arg\AppData\Roaming\Mozilla\plugins\npatgpc.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . 
R0 CredFltL;CredFltL;C:\Windows\System32\drivers\CredFltL.sys [2013-1-28 36608] R0 CredFltU;CredFltU;C:\Windows\System32\drivers\CredFltU.sys [2013-1-28 18688] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-24 20024] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-3-24 22128] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\SymDS64.sys [2011-6-17 451192] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\SymEFA64.sys [2011-6-17 928888] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-4-25 87600] R1 NEOFLTR_7113_22557;Juniper Networks TDI Filter Driver (NEOFLTR_7113_22557);C:\Windows\System32\drivers\NEOFLTR_7113_22557.SYS [2013-9-23 99192] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\Ironx64.sys [2011-6-17 170104] R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-4-3 136784] R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-12-2 1043872] R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-12-2 36768] R2 CredMgmtAgent;CREDANT Manager Agent;C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.exe [2013-1-28 1854304] R2 CredMgmtLoader;CREDANT Manager Loader;C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.Loader.exe [2013-1-28 17760] R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-15 2280504] R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136] R2 IAStorDataMgrSvc;Intel® Rapid Storage 
  10. Windows 7, Symantec Endpoint (up to date) in addition to MBAM (up to date)
  SEP -- Finds nothing
  MBAM -- Finds nothing
  MS Safety Scan -- Finds nothing
  MBAM is continuously blocking the same IP address (IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 49661, Process: firefox.exe)) when Firefox isn't up.
  I'm also unable to run the most recent MS security update: KB284727 -- I keep getting an 80005007 unknown error.
  Suggestions..?
  Thanks,
  -Aran