Everything posted by richb

  1. Addition.txt will follow because I got a message too long...

     Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2015
     Ran by rbrinega at 2015-02-23 18:22:50
     Running from C:\Users\rbrinega.ORADEV\Documents\frst
     Boot Mode: Normal
     ==========================================================

     ==================== Security Center ========================
     (If an entry is included in the fixlist, it will be removed.)
     AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
     AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
     AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: McAfee Host Intrusion Prevention Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

     ==================== Installed Programs ======================
     (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
     AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.22 - STMicroelectronics)
     Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
     Adobe Flash Player 16 NPAPI (HKLM-x32\...\{A37E9FA0-00FE-479D-9F62-E6E3DBA51D29}) (Version: 16.0.0.296 - Adobe Systems Incorporated)
     Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
     Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
     Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
     Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) BlackBerry USB and Modem Drivers 5.0.1 (HKLM-x32\...\BlackBerry_{F0702481-3E9C-4844-8355-B8D0439E9793}) (Version: 5.0.1.37 - Research In Motion Ltd.) BlackBerry USB and Modem Drivers 5.0.1 (x32 Version: 5.0.1.37 - Research In Motion Ltd.) Hidden CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden Cisco Click to Call (HKLM\...\{4ED9D5AF-FE16-4CBA-805C-8D0C47F83E7F}) (Version: 8.0.2591 - Cisco Systems, Inc.) Cisco Click to Call (HKLM-x32\...\Cisco Click to Call) (Version: - ) Cisco IP Communicator (HKLM-x32\...\Cisco IP Communicator) (Version: - ) Cisco IP Communicator (x32 Version: 7.0.5.4 - Cisco Systems, Inc.) Hidden Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) Cisco VPN Client 5.0.07.0290 (HKLM-x32\...\Cisco VPN Client 5.0.07.0290) (Version: - ) Cisco WebEx Meetings (HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) CMD Prompt Here as Administrator PowerToy v1.0.2 (Uninstall only) (HKLM\...\CmdHereAsAdmin) (Version: 1.0.2 - ) CMD Prompt Here PowerToy v1.0.3 (Uninstall only) (HKLM\...\CmdHere) (Version: 1.0.3 - ) ColorClix version 3.0 (HKLM-x32\...\{1103541B-697C-492A-B6D6-3BEBC7C5CCAD}_is1) (Version: 3.0 - Olympic) CrashPlan (HKLM\...\{3DC18F22-3F80-427A-B2A1-2B2E9E0986B8}) (Version: 3.5.3 - CrashPlan) Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.114 - ALPS ELECTRIC CO., LTD.) 
Development Base Image (HKLM-x32\...\Development Base Image) (Version: 7.1.00.0 - Product Development Desktop Support) FileLocator Lite 2010 (64-bit) (HKLM\...\FileLocator Lite (64-bit)_is1) (Version: - ) FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse) FTP Site Manager (HKLM-x32\...\FTP Site Manager) (Version: - ) Git version 1.7.9-preview20120201 (HKLM-x32\...\Git_is1) (Version: 1.7.9-preview20120201 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Chrome (HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GTK+ Runtime 2.14.7 rev a (remove only) (HKLM-x32\...\GTK 2.0) (Version: - ) Hoyle Card Games 2005 (HKLM-x32\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.) HP Officejet 6600 Basic Device Software (HKLM\...\{AEC699FC-F916-46A0-B15E-70EF1534AE93}) (Version: 25.0.619.0 - Hewlett-Packard Co.) HP Officejet 6600 Help (HKLM-x32\...\{C818BA3A-226F-4ED0-9CEF-96A0DF300211}) (Version: 140.0.2.2 - Hewlett Packard) HyperSnap 6 (HKLM-x32\...\HyperSnap 6) (Version: 5 - Hyperionics Technology LLC) I.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075F0}) (Version: 7.0.750 - Oracle) Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075F0}) (Version: 7.0.750 - Oracle) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java SE Development Kit 6 Update 27 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160270}) (Version: 1.6.0.270 - Oracle) Lexmark 4200 Series (HKLM\...\Lexmark 4200 Series) (Version: - Lexmark International, Inc.) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Agent (HKLM-x32\...\{0F9C79D3-14FA-4750-979D-2C966F1E5CE6}) (Version: 4.8.0.1605 - McAfee, Inc.) McAfee Host Intrusion Prevention (HKLM-x32\...\{B332732A-4958-41DD-B439-DDA2D32753C5}) (Version: 7.00.0800 - McAfee, Inc.) McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.) McAfee SiteAdvisor Enterprise Plus (HKLM-x32\...\{00FC3F65-86EB-475E-881F-A5B1CF731320}) (Version: 3.0.0.561 - McAfee, Inc.) McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.) 
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visio Viewer (HKLM-x32\...\Microsoft Visio Viewer) (Version: - ) Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Mozilla Firefox 31.4.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.4.0 ESR (x86 en-US)) (Version: 31.4.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.2 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla) Network Recording Player (HKLM-x32\...\{2B53190C-E53E-4736-9E13-395741415991}) (Version: 2.29.3100 - Cisco WebEx LLC) Opera 11.64 (HKLM-x32\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA) 
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION Oracle Beehive Conferencing (HKLM-x32\...\{4A8ABF7C-0DBB-41D9-8456-9CFC16F9B4BA}) (Version: 1.4 - Oracle Corporation) Oracle Beehive Extensions for Explorer (HKLM\...\{1FC44441-92DD-4C16-AA0E-D5781A8E323C}) (Version: 2.0.1.7 - Oracle Corporation) Oracle Content Server - Desktop Integration Suite (HKLM\...\{E9B67598-4F17-4E38-A863-838AC35CA847}) (Version: 11.1.4 - Oracle) Oracle Data Protection 1.8.0.0 (HKLM-x32\...\Oracle Data Protection 1.8.0.0) (Version: - ) Oracle Online Assistance (HKLM-x32\...\Oracle Online Assistance) (Version: - ) Oracle Open Office 3.3 (HKLM-x32\...\{C939ED08-0089-4D96-A421-7179EB8C459D}) (Version: 3.3.9552 - Oracle) Paperless Converter version 5.0.0.92 (HKLM-x32\...\Paperless Converter_is1) (Version: 5.0.0.92 - Rarefind Engineering Innovations Pvt. Ltd.) Paperless Printer version 5.1.0.16 (HKLM-x32\...\Paperless Printer_is1) (Version: 5.1.0.16 - Rarefind Engineering Innovations Pvt. Ltd.) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - ) PrimoPDF (HKLM-x32\...\PrimoPDF4.1.0.9) (Version: 4.1.0.9 - activePDF) Profile Copier 3.0 (HKLM-x32\...\ProfileCopier) (Version: - ) ProjectReader (HKLM-x32\...\{9ACD9F21-CA0A-4E08-B54B-EB39CAA0D42B}) (Version: 4.06.0000 - K-SOL S.r.l.) PuTTY .60 with WinSCP4 (HKLM-x32\...\PuTTY .60 with WinSCP4) (Version: - ) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealPlayer Enterprise (HKLM-x32\...\RealPlayer 6.0) (Version: - RealNetworks) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) Softerra LDAP Browser 4.5 (HKLM-x32\...\{5A3B2909-0CF3-4F8A-95AB-0A00222DCAA3}) (Version: 4.5.10625.0 - Softerra, Ltd.) Tether 1.4.3.7 (HKLM-x32\...\{2863C12B-2A02-4258-8495-6220605B2E5C}_is1) (Version: - Tether) TightVNC 2.0.4 (HKLM-x32\...\TightVNC) (Version: 2.0.4 - GlavSoft LLC.) 
ViewletBuilder6 Professional (HKLM-x32\...\ViewletBuilder6 Professional) (Version: - Qarbon) ViewSonic Windows 7 x64 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - ) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6900 - Broadcom Corporation) WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.14 - HTC) WSE_Binkiland (HKLM-x32\...\WSE_Binkiland) (Version: - WSE_Binkiland) <==== ATTENTION! Zoom (HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 13-02-2015 10:00:19 Windows Update 15-02-2015 07:49:27 Installed Cisco Click to Call. 21-02-2015 10:00:12 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 18:34 - 2014-06-19 02:16 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00748E8D-FA66-4CFA-A0DE-4810695DB941} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cfe98575343649 => C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.) Task: {234859C9-FB16-435D-9D6A-5627E1EF2AF8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.38\OptProLauncher.exe <==== ATTENTION Task: {4DD9F8A2-8E2F-472E-8F13-47BD89A970F1} - System32\Tasks\Oracle\Synctime => C:\ProgramData\Oracle\Baseimage\synctime.exe [2003-04-07] () Task: {9B6E5F0D-82ED-4120-96B5-1D14C4345B03} - System32\Tasks\{5B80D250-0972-4CAB-A3D6-4D923F76DD18} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsInstall Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe Task: {AE6FAAE4-E128-4B58-B071-AD1460C77042} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.) Task: {BB8D80CA-86B4-43BC-B42C-5110721A27C1} - System32\Tasks\{452F4E93-9543-4221-8569-4128FFE851B0} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall Task: {C3023ADB-4D1F-40D8-9CD4-1425724B43DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.) Task: {C42BA7E9-A1F3-451B-BA57-49BA6A778A61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3138815620-4253048750-3916773603-50764UA => C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.) 
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe Task: {D34795C5-B4D4-4746-9C6F-AD9FEDE665C8} - System32\Tasks\{4ADF3BCE-D1AC-4CAC-93A2-8FF735758716} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsInstall Task: {DF206FEE-8787-46CA-8B4A-86FA02BBD9D9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-21] (Adobe Systems Incorporated) Task: {FFEC9679-1A2E-420C-8634-36FE03D86E69} - System32\Tasks\{0C968383-0F36-48FC-AD76-6FC2155CC4F8} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.9.0.115&LastError=12031 Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cf8adf35b1ae61.job => C:\Users\rbrinega.ST-USERS\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cfe98575343649.job => C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3138815620-4253048750-3916773603-50764UA.job => C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-04-15 01:32 - 2006-11-06 14:55 - 00090624 _____ () C:\windows\System32\Primomonnt.dll 2012-04-24 16:05 - 2012-03-29 09:58 - 00019456 _____ () C:\windows\system32\spool\PRTPROCS\x64\QWritex64.dll 2013-04-08 15:42 - 2013-04-08 15:42 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll 
2014-11-26 19:23 - 2014-11-26 19:23 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll 2011-11-21 21:13 - 2011-09-29 13:29 - 00050416 _____ () C:\Program Files (x86)\Tether\TBService.exe 2010-10-15 18:08 - 2010-10-15 18:08 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2011-08-05 13:06 - 2011-02-21 11:14 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-08-05 10:23 - 2010-12-17 09:24 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe 2011-02-25 10:58 - 2011-02-25 10:58 - 00050600 _____ () C:\Program Files (x86)\Cisco Systems\Click to Call\main\exe\Cisco.ClickToCall.Common.WebDialer.XmlSerializers.dll 2014-06-10 19:34 - 2014-06-10 19:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2015-02-20 15:11 - 2015-02-20 15:11 - 01652280 _____ () c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll 2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2007-04-18 18:30 - 2007-04-18 18:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll 2007-04-18 18:30 - 2007-04-18 18:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll 2010-11-25 02:12 - 2011-04-15 01:24 - 00985088 _____ () C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\libxml2.dll 2015-01-14 10:27 - 2015-01-14 10:27 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2015-01-14 10:27 - 2015-01-14 10:27 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-01-14 10:27 - 2015-01-14 10:27 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2015-01-14 09:10 - 2015-01-14 09:10 - 03789936 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2015-02-23 16:57 - 2015-02-23 16:57 - 00018856 _____ () C:\Program Files (x86)\Java\jre1.7.0_75\bin\jp2native.dll 
==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\ACTION REQUIRED EM Alert CRITICAL gsi1av_security_login.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\EM Incident Critical New - Internal error detected java.util.NoSuchElementException java.util.StringTokenizer 332 oracle.sysman.gcagent.addon.plugin.beacon.fetchlet.urltiming.HTMLParser 1555..eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Found too many alerts triggered in EMCC on Sep 18, 2014.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Fwd Final Notice Cleanup of BugDB Generic Accounts owned by Email - NARASIMHA.GOGINENI@oracle.com.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Fwd SR 3-6662739331 1 Review Update FATAL Target(s) with Subscription ID152744 are DOWN.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Issues with OID We had a few login issues when attempting to log into EMCC OMS..eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\ODCS (EMCC-14648) HOW TO GET RID OF A METRIC COLLECTION ERROR FOR UDM'S WHICH NO LONGER EXIST 4_51AM.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\ODCS (EMCC-14648) HOW TO GET RID OF A METRIC COLLECTION ERROR FOR UDM'S WHICH NO LONGER EXIST 8_20AM.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Outage Notification MyHelp System Will Be Unavailable - MyHelp Production upcoming Outage Notification. 
02-May-2014 21 00 to 03-May-2014 05 00.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Please Read Recently Scanned Expense Report.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re ACTION REQUIRED EM Alert CRITICAL slciafu.us.oracle.com 41830 - Host is Unreachable.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re ACTION REQUIRED EM Alert CRITICAL us2jcsr3080059.usdc2.oraclecloud.com 3872 - Agent is Unreachable.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re Bug# 17759430 - SR'S ARE NOT GETTING CLEARED EVEN THOUGH UNDERLYING ALERTS GET CLEARED.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re devcc.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re EM Metric Extension for EXA IB switches.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re Found too many alerts triggered in EMCC on Sep 16, 2014.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re List of EM Cloud Hosts.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re MyHelp AutoSR2 Unplanned outage Notification.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re MyHelp CRMOD - autoSR2 and Category Link not working.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re SMS server upgrade.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re Testing AutoSR3.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Re_ auto sr's not closing.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\Richards Dell E6420 Laptop.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\SR 497386-544365241.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\SR 497386-614629042 Set up 
firewall from adsdx0013.oracleads.com and adsdx0014.oracleads.com to autosr2-prod.oraclecorp.com 443 as is set up for adsdx0009.oracleads.com and adsdx0010.oracleads.com.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Downloads\SR 497386-614629042.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ORADEV\Documents\Fwd Re Fwd Re Fwd Master _ Shared agents upgrade to PS2 PDIT UPGRADE.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\ACTION REQUIRED EM Alert CRITICAL gsi1av_security_login.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Found too many alerts triggered in EMCC on Sep 18, 2014.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Fwd SR 3-6662739331 1 Review Update FATAL Target(s) with Subscription ID152744 are DOWN.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Issues with OID We had a few login issues when attempting to log into EMCC OMS..eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\ODCS (EMCC-14648) HOW TO GET RID OF A METRIC COLLECTION ERROR FOR UDM'S WHICH NO LONGER EXIST 4_51AM.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\ODCS (EMCC-14648) HOW TO GET RID OF A METRIC COLLECTION ERROR FOR UDM'S WHICH NO LONGER EXIST 8_20AM.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Outage Notification MyHelp System Will Be Unavailable - MyHelp Production upcoming Outage Notification. 
02-May-2014 21 00 to 03-May-2014 05 00.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Please Read Recently Scanned Expense Report.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re ACTION REQUIRED EM Alert CRITICAL slciafu.us.oracle.com 41830 - Host is Unreachable.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re Bug# 17759430 - SR'S ARE NOT GETTING CLEARED EVEN THOUGH UNDERLYING ALERTS GET CLEARED.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re devcc.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re EM Metric Extension for EXA IB switches.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re List of EM Cloud Hosts.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re MyHelp AutoSR2 Unplanned outage Notification.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re SMS server upgrade.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\Re_ auto sr's not closing.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\SR 497386-544365241.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\SR 497386-614629042 Set up firewall from adsdx0013.oracleads.com and adsdx0014.oracleads.com to autosr2-prod.oraclecorp.com 443 as is set up for adsdx0009.oracleads.com and adsdx0010.oracleads.com.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Downloads\SR 497386-614629042.eml:OECustomProperty AlternateDataStreams: C:\Users\rbrinega.ST-USERS\Documents\Fwd Re Fwd Re Fwd Master _ Shared agents upgrade to PS2 PDIT UPGRADE.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\Software\Classes\.exe: => <===== ATTENTION! ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\Control Panel\Desktop\\Wallpaper -> C:\Users\rbrinega.ST-USERS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 198.17.210.130 - 144.24.23.18 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-2378886259-4119765314-3931536290-500 - Administrator - Disabled) Guest (S-1-5-21-2378886259-4119765314-3931536290-501 - Limited - Disabled) rbrinega (S-1-5-21-2378886259-4119765314-3931536290-1001 - Administrator - Enabled) => C:\Users\rbrinega support (S-1-5-21-2378886259-4119765314-3931536290-1000 - Administrator - Enabled) => C:\Users\support ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. 
Follow the instructions. Name: Tether Ethernet Adapter Description: Tether Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Tether Service: qrkis Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/23/2015 09:28:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2015 03:12:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/20/2015 05:58:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/19/2015 00:35:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/19/2015 08:23:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Conferencing.exe, version: 2.0.1.8, time stamp: 0x51ba9663 Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072 Exception code: 0xc015000f Fault offset: 0x00084671 Faulting process id: 0x6648 Faulting application start time: 0xConferencing.exe0 Faulting application path: Conferencing.exe1 Faulting module path: Conferencing.exe2 Report Id: Conferencing.exe3 Error: (02/13/2015 09:55:30 AM) (Source: 
Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Conferencing.exe, version: 2.0.1.8, time stamp: 0x51ba9663 Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072 Exception code: 0xc015000f Fault offset: 0x00084671 Faulting process id: 0x3460 Faulting application start time: 0xConferencing.exe0 Faulting application path: Conferencing.exe1 Faulting module path: Conferencing.exe2 Report Id: Conferencing.exe3 Error: (02/08/2015 01:10:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/03/2015 03:56:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Conferencing.exe, version: 2.0.1.8, time stamp: 0x51ba9663 Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072 Exception code: 0xc015000f Fault offset: 0x00084671 Faulting process id: 0x7d40 Faulting application start time: 0xConferencing.exe0 Faulting application path: Conferencing.exe1 Faulting module path: Conferencing.exe2 Report Id: Conferencing.exe3 Error: (01/30/2015 08:58:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Conferencing.exe, version: 2.0.1.8, time stamp: 0x51ba9663 Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072 Exception code: 0xc015000f Fault offset: 0x00084671 Faulting process id: 0x5d50 Faulting application start time: 0xConferencing.exe0 Faulting application path: Conferencing.exe1 Faulting module path: Conferencing.exe2 Report Id: Conferencing.exe3 Error: (01/23/2015 10:22:31 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the 
storage drivers installed on this computer; or the disk is missing. Windows closed the program Oracle Beehive Conferencing because of this error. Program: Oracle Beehive Conferencing File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0 System errors: ============= Error: (02/23/2015 06:15:02 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ORADEV) Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (02/23/2015 06:12:58 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY) Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. 
A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (02/23/2015 09:29:06 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} Error: (02/23/2015 09:28:49 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY) Description: CBS Client initialization failed. Last error: 0x8007041d Error: (02/23/2015 09:28:49 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (02/23/2015 09:28:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Modules Installer service failed to start due to the following error: %%1053 Error: (02/23/2015 09:28:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect. Error: (02/23/2015 09:27:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The McAfee SiteAdvisor Enterprise Service service terminated with the following error: %%-2147467243 Error: (02/23/2015 09:27:28 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ORADEV) Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (02/23/2015 09:27:13 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY) Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. 
This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Microsoft Office Sessions: ========================= Error: (02/23/2015 09:28:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2015 03:12:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/20/2015 05:58:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/19/2015 00:35:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/19/2015 08:23:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Conferencing.exe2.0.1.851ba9663ntdll.dll6.1.7601.1822951fb1072c015000f00084671664801d04c5525c2b8cdC:\Users\rbrinega.ST-USERS\AppData\Roaming\Oracle\Beehive\Conferencing\Versions\D60AD16B-696E-4331-BA52-F3A86E9F3BD2\Conferencing.exeC:\windows\SysWOW64\ntdll.dlla162d14b-b853-11e4-85ad-9cb70dee2573 Error: (02/13/2015 09:55:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
Conferencing.exe2.0.1.851ba9663ntdll.dll6.1.7601.1822951fb1072c015000f00084671346001d047ae305f06ccC:\Users\rbrinega.ST-USERS\AppData\Roaming\Oracle\Beehive\Conferencing\Versions\D60AD16B-696E-4331-BA52-F3A86E9F3BD2\Conferencing.exeC:\windows\SysWOW64\ntdll.dll7f6153d0-b3a9-11e4-85ad-9cb70dee2573 Error: (02/08/2015 01:10:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/03/2015 03:56:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Conferencing.exe2.0.1.851ba9663ntdll.dll6.1.7601.1822951fb1072c015000f000846717d4001d0400ac7f0d517C:\Users\rbrinega.ST-USERS\AppData\Roaming\Oracle\Beehive\Conferencing\Versions\D60AD16B-696E-4331-BA52-F3A86E9F3BD2\Conferencing.exeC:\windows\SysWOW64\ntdll.dll42a128c0-ac00-11e4-9bfd-9cb70dee2573 Error: (01/30/2015 08:58:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Conferencing.exe2.0.1.851ba9663ntdll.dll6.1.7601.1822951fb1072c015000f000846715d5001d03ca646ab6023C:\Users\rbrinega.ST-USERS\AppData\Roaming\Oracle\Beehive\Conferencing\Versions\D60AD16B-696E-4331-BA52-F3A86E9F3BD2\Conferencing.exeC:\windows\SysWOW64\ntdll.dll489d821d-a8a1-11e4-9bfd-9cb70dee2573 Error: (01/23/2015 10:22:31 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Oracle Beehive Conferencing000000000 CodeIntegrity Errors: =================================== Date: 2014-07-13 13:55:44.654 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-07-13 13:55:44.654 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-13 13:55:44.654 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-13 13:55:44.654 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-13 13:55:38.351 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-13 13:55:38.351 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-13 13:55:38.351 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-13 13:55:38.351 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core i5-2520M CPU @ 2.50GHz Percentage of memory in use: 43% Total physical RAM: 8072.93 MB Available physical RAM: 4586.07 MB Total Pagefile: 16144.05 MB Available Pagefile: 12751.3 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:100 GB) (Free:20.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Data) (Fixed) (Total:187.11 GB) (Free:173.43 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 91EE639D) Partition 1: (Not Active) - (Size=11 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=187.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  2. I naively downloaded FileZilla from SourceForge (it used to be ok when I used SourceForge for Pidgin client). After starting that up, I was accosted by BikiniLand and Optimizer Pro 3.38. I downloaded Malwarebytes Trial version which apparently got rid of all traces of BikiniLand, but I appear to be stuck with Optimizer Pro 3.38, which I cannot get rid of. Actually, I've deleted all the files in the C:\Program Files (x86)\Optimizer Pro 3.38 directory except OptProMon.dll. Attempting to delete that gives me the error "The action can't be completed because the file is open in Optimizer Pro Crash Monitor" -- something I cannot find. Following your instructions, here are the files from FRST:

     FRST.txt:

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
     Ran by rbrinega (administrator) on RBRINEGA-LAP on 23-02-2015 18:21:53
     Running from C:\Users\rbrinega.ORADEV\Documents\frst
     Loaded Profiles: rbrinega (Available profiles: rbrinega & support & rbrinega & rbrinega)
     Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 9 (Default browser: FF)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe (Cisco Systems, Inc.)
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe ( ) C:\Windows\System32\lxbmcoms.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe (Oracle Corporation) C:\ProgramData\Oracle\MyDesktop\mydesktopservice.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe (Oracle) C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe () C:\Program Files (x86)\Tether\TBService.exe (GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Google Inc.) C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe (RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe (Cisco Systems) C:\Program Files (x86)\Cisco Systems\Click to Call\main\exe\clicktocall.exe (Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Oracle) C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\Click to Call\add-ins\smarttag\communicator\communicator.exe (Oracle) C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\soffice.bin (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-02-21] (Alps Electric Co., Ltd.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-02-21] (IDT, Inc.) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [lxbmmon.exe] => C:\Program Files (x86)\Lexmark 4200 Series\lxbmmon.exe [230056 2009-04-27] (Lexmark International, Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [180224 2011-04-15] (RealNetworks, Inc.) HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [979104 2010-06-15] (McAfee, Inc.) HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-09-23] (Google) HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Cisco ClickToCall] => C:\Program Files (x86)\Cisco Systems\Click to Call\main\exe\clicktocall.exe [882016 2011-02-25] (Cisco Systems) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.) HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337768 2014-02-20] (McAfee, Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-10] (Cisco Systems, Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\Run: [Google Update] => C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-16] (Google Inc.) HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.38\OptProLauncher.exe HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\Run: [GoogleChromeAutoLaunch_EC56814605A5402EDF141134199A8E84] => "C:\Users\rbrinega.ORADEV\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\RunOnce: [Adobe Speed Launcher] => 1424712509 HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {44cd653c-696c-11e2-9796-5c260a69d9d3} - E:\TL-Bootstrap.exe HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {5d77d173-19a1-11e1-b7f6-5c260a69d9d3} - E:\TL_Bootstrap.exe HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {6e4c2f65-8cf7-11e3-9925-5c260a69d9d3} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {713836bd-0fa4-11e1-b8bb-5c260a69d9d3} - E:\TL_Bootstrap.exe 
HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {9074e1a7-e7e8-11e2-97f0-5c260a69d9d3} - E:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {a6831b47-4f06-11e2-a543-5c260a69d9d3} - E:\TL_Bootstrap.exe HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {b3b64599-86bd-11e2-962b-5c260a69d9d3} - E:\TL-Bootstrap.exe HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {c053c27c-cf9c-11e1-b9cb-5c260a69d9d3} - E:\MotoCastSetup.exe -a HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\...\MountPoints2: {c1ce400c-4c33-11e1-b75c-5c260a69d9d3} - F:\LaunchU3.exe -a HKU\S-1-5-18\...\RunOnce: [ClickToCallConfig] => C:\ProgramData\Oracle\BaseImage\config\config_cisco_clicktocall.exe [169453 2011-06-13] () HKU\S-1-5-18\...\RunOnce: [iPCConfig] => C:\ProgramData\Oracle\BaseImage\config\cisco_ipcommunicator-cfg.exe [215519 2011-03-07] () AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-09-23] (Google) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ProfileCopier.lnk ShortcutTarget: ProfileCopier.lnk -> C:\Program Files\Profile Copier\ProfileCopier.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startControlconfig.lnk ShortcutTarget: startControlconfig.lnk -> C:\ProgramData\Oracle\Baseimage\utils\startControlConfig.hta () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startControlconfig.lnk ShortcutTarget: startControlconfig.lnk -> C:\ProgramData\Oracle\Baseimage\utils\startControlConfig.hta () Startup: C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk ShortcutTarget: Oracle Open Office 3.3.lnk -> C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe () Startup: C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\stuff.wri.lnk ShortcutTarget: stuff.wri.lnk -> D:\x\stuff.wri () Startup: C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk ShortcutTarget: Oracle Open Office 3.3.lnk -> C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe () Startup: C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\stuff.wri.lnk ShortcutTarget: stuff.wri.lnk -> D:\x\stuff.wri () Startup: C:\Users\rbrinega.ST-USERS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oracle Open Office 3.3.lnk ShortcutTarget: Oracle Open Office 3.3.lnk -> C:\Program Files (x86)\Oracle\Oracle Open Office 3\program\quickstart.exe () Startup: C:\Users\rbrinega.ST-USERS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\stuff.wri.lnk 
ShortcutTarget: stuff.wri.lnk -> D:\x\stuff.wri () Startup: C:\Users\support\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startControlconfig.lnk ShortcutTarget: startControlconfig.lnk -> C:\ProgramData\Oracle\Baseimage\utils\startControlConfig.hta () CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [s-1-5-21-3138815620-4253048750-3916773603-50764] => http://wpad/wpad.dat HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.oracle.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.oracle.com HKU\S-1-5-21-3138815620-4253048750-3916773603-50764\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGLG_en URLSearchHook: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
SearchScopes: HKLM -> DefaultScope {59C2215F-74F9-4B21-A776-F27FE99CF887} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = SearchScopes: HKLM -> {59C2215F-74F9-4B21-A776-F27FE99CF887} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKLM -> {C37BBE81-5CF4-4826-812D-52BC377FBE2C} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 -> DefaultScope {407D9884-164B-486A-B6EF-E3299576834E} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzytA0BtA0A0B0Azz0B0EtDtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0FzytDyBtByCtGtAtAzz0AtGzy0F0A0DtG0DtD0B0EtGyCtD0D0FyDtBzzyEzz0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDtB0FtC0F0DtG0D0E0B0BtGyEyE0FtAtGzzyDyD0BtG0C0AyBzz0C0C0AyD0E0F0AtD2Q&cr=818385273&ir= SearchScopes: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131014&p={searchTerms} SearchScopes: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 -> {407D9884-164B-486A-B6EF-E3299576834E} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzytA0BtA0A0B0Azz0B0EtDtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0FzytDyBtByCtGtAtAzz0AtGzy0F0A0DtG0DtD0B0EtGyCtD0D0FyDtBzzyEzz0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDtB0FtC0F0DtG0D0E0B0BtGyEyE0FtAtGzzyDyD0BtG0C0AyBzz0C0C0AyD0E0F0AtD2Q&cr=818385273&ir= SearchScopes: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 -> 
{70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=XFhmI9B67eZ63y2PqBfPungU6M4?q={searchTerms} SearchScopes: HKU\S-1-5-21-3138815620-4253048750-3916773603-50764 -> {D55F3D85-A6E0-484D-8A9E-964DE5A2E395} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGLD_en BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140713135551.dll (McAfee, Inc.) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.7.0_75\bin\ssv.dll (Oracle Corporation) BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140713135553.dll (McAfee, Inc.) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.7.0_75\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
DPF: HKLM-x32 {00191E4B-49C2-48E2-A548-8F702D75622A} https://strtc.oracle.com/imtapp/res/jar/cnsload.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {EB01EBAB-25F9-4C5B-A704-BB532C6B0A24} http://emgc.us.oracle.com/em/console/monitoring/website/txn/lib/OraDHTMLRec.CAB Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Tcpip\..\Interfaces\{DD0F31FA-BE92-4AE2-B2E5-75B6A8A08E09}: [NameServer] 198.17.210.130,144.24.23.18 Tcpip\..\Interfaces\{F6758CBC-D36D-4030-A4B1-0C70087D054B}: [NameServer] 208.67.222.222,208.67.220.220 FireFox: ======== FF ProfilePath: C:\Users\rbrinega.ORADEV\AppData\Roaming\Mozilla\Firefox\Profiles\6rgxglwi.default FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF NetworkProxy: "autoconfig_url", "http://wpad/wpad.dat" FF NetworkProxy: "backup.ftp", "www-proxy.us.oracle.com" FF NetworkProxy: "backup.ftp_port", 80 FF NetworkProxy: "backup.gopher", "adc-proxy.oracle.com" FF NetworkProxy: "backup.gopher_port", 80 FF NetworkProxy: "backup.socks", "www-proxy.us.oracle.com" FF NetworkProxy: "backup.socks_port", 80 FF NetworkProxy: "backup.ssl", "www-proxy.us.oracle.com" FF NetworkProxy: "backup.ssl_port", 80 FF NetworkProxy: "ftp", "www-proxy.us.oracle.com" FF NetworkProxy: "ftp_port", 80 FF NetworkProxy: "gopher", "www-proxy.us.oracle.com" FF NetworkProxy: 
"gopher_port", 80 FF NetworkProxy: "http", "www-proxy.us.oracle.com" FF NetworkProxy: "http_port", 80 FF NetworkProxy: "no_proxies_on", ".oracle.com, .us.oracle.com, .oraclecorp.com, .oracleads.com, .oracleportal.com, 140.87.245.22, 140.87.245.21, 127.0.0.1, crmondemand.com,192.168.0.1" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "www-proxy.us.oracle.com" FF NetworkProxy: "socks_port", 80 FF NetworkProxy: "ssl", "www-proxy.us.oracle.com" FF NetworkProxy: "ssl_port", 80 FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre1.7.0_75\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre1.7.0_75\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=6.0.11.3012 -> C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=1.0.2.3070 -> C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1830 -> C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3138815620-4253048750-3916773603-50764: @tools.google.com/Google Update;version=3 -> C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3138815620-4253048750-3916773603-50764: @tools.google.com/Google Update;version=9 -> C:\Users\rbrinega.ORADEV\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3138815620-4253048750-3916773603-50764: @zoom.us/ZoomVideoPlugin -> C:\Users\rbrinega.ORADEV\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\rbrinega.ORADEV\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF SearchPlugin: C:\Users\rbrinega.ORADEV\AppData\Roaming\Mozilla\Firefox\Profiles\6rgxglwi.default\searchplugins\oracle-bug-number.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF Extension: Flashblock - C:\Users\rbrinega.ORADEV\AppData\Roaming\Mozilla\Firefox\Profiles\6rgxglwi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-11] FF Extension: Firebug - C:\Users\rbrinega.ORADEV\AppData\Roaming\Mozilla\Firefox\Profiles\6rgxglwi.default\Extensions\firebug@software.joehewitt.com.xpi [2014-11-07] FF Extension: Better Bug - C:\Users\rbrinega.ORADEV\AppData\Roaming\Mozilla\Firefox\Profiles\6rgxglwi.default\Extensions\{7cad0727-da80-44e6-ab41-2fe3875883fe}.xpi [2014-11-07] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-14] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-14] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} [2015-01-14] FF HKLM-x32\...\Firefox\Extensions: [{be327679-1381-4aaa-93b3-4495c36762c5}] - C:\Program Files (x86)\Cisco Systems\Click to Call\add-ins\firefox FF Extension: Cisco Click to Call - C:\Program Files (x86)\Cisco Systems\Click to Call\add-ins\firefox [2011-12-30] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee 
SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-05-11] FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-10-08] Chrome: ======= CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzytA0BtA0A0B0Azz0B0EtDtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0FzytDyBtByCtGtAtAzz0AtGzy0F0A0DtG0DtD0B0EtGyCtD0D0FyDtBzzyEzz0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDtB0FtC0F0DtG0D0E0B0BtGyEyE0FtAtGzzyDyD0BtG0C0AyBzz0C0C0AyD0E0F0AtD2Q&cr=818385273&ir= CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzytA0BtA0A0B0Azz0B0EtDtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0FzytDyBtByCtGtAtAzz0AtGzy0F0A0DtG0DtD0B0EtGyCtD0D0FyDtBzzyEzz0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDtB0FtC0F0DtG0D0E0B0BtGyEyE0FtAtGzzyDyD0BtG0C0AyBzz0C0C0AyD0E0F0AtD2Q&cr=818385273&ir=" CHR DefaultSearchKeyword: Default -> binkiland.com CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzytA0BtA0A0B0Azz0B0EtDtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0FzytDyBtByCtGtAtAzz0AtGzy0F0A0DtG0DtD0B0EtGyCtD0D0FyDtBzzyEzz0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDtB0FtC0F0DtG0D0E0B0BtGyEyE0FtAtGzzyDyD0BtG0C0AyBzz0C0C0AyD0E0F0AtD2Q&cr=818385273&ir= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Angry Birds) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-11-07] CHR Extension: (Google Voice Search Hotword 
(Beta)) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-07] CHR Extension: (Google Cast) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-31] CHR Extension: (Google Calendar) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-11-07] CHR Extension: (SiteAdvisor) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-07] CHR Extension: (Search Center) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfplmdnbnefomnjiknbpejdceedhdmf [2014-11-07] CHR Extension: (Google Wallet) - C:\Users\rbrinega.ORADEV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-07] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-19] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-19] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 0084541424741323mcinstcleanup; C:\windows\TEMP\008454~1.EXE [827456 2012-01-09] (McAfee, Inc.) R2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1652280 2015-02-20] () R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed] R2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-06-15] (McAfee, Inc.) 
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-09-23] (Google) R2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2010-01-26] (McAfee, Inc.) R2 lxbm_device; C:\windows\system32\lxbmcoms.exe [566192 2007-01-30] ( ) R2 lxbm_device; C:\windows\SysWOW64\lxbmcoms.exe [537520 2007-01-30] ( ) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [226624 2010-03-25] (McAfee, Inc.) R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-02-12] (McAfee, Inc.) R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127848 2014-02-20] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-07-13] (McAfee, Inc.) R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [208416 2014-01-15] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-07-13] (McAfee, Inc.) R2 MyDesktopWindows; C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [5778304 2014-08-08] (Oracle Corporation) R2 QOSMyDesktop; C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [470016 2009-10-13] (Oracle) [File not signed] R2 Tether; C:\Program Files (x86)\Tether\TBService.exe [50416 2011-09-29] () [File not signed] R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.) 
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 Firehk; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.) R3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.) R3 firelm01; C:\windows\system32\drivers\firelm01.sys [38968 2010-06-15] (McAfee, Inc.) R0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [186784 2010-06-15] (McAfee, Inc.) R1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.) R3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138904 2010-01-26] (McAfee, Inc.) R3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2010-01-26] (McAfee, Inc.) R3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2010-01-26] (McAfee, Inc.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-07-13] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-07-13] (McAfee, Inc.) U3 mfeavfk01; No ImagePath R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-07-13] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-07-13] (McAfee, Inc.) S4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [84424 2010-10-22] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-07-13] (McAfee, Inc.) 
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd) R3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-23 18:19 - 2015-02-23 18:21 - 00000000 ____D () C:\Users\rbrinega.ORADEV\Documents\frst 2015-02-23 16:58 - 2015-02-08 13:23 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2015-02-23 16:57 - 2015-02-23 16:57 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2015-02-23 16:57 - 2015-02-23 16:57 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2015-02-23 16:52 - 2015-02-23 16:55 - 85906432 _____ () C:\Users\rbrinega.ORADEV\Downloads\oracle-jre-7.0.75-win.exe 2015-02-23 09:27 - 2015-02-23 09:27 - 00134169 _____ () C:\windows\SysWOW64\api_hook_list.dat 2015-02-23 09:27 - 2015-02-23 09:27 - 00002033 _____ () C:\windows\system32\api_hook_list.dat 2015-02-23 09:19 - 2015-02-23 09:19 - 06111012 _____ () C:\Program Files (x86)\delme.zip 2015-02-21 01:48 - 2015-02-21 01:48 - 04437680 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2015-02-20 17:06 - 2015-02-23 11:49 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-20 17:05 - 2015-02-20 17:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\rbrinega.ORADEV\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-20 17:05 - 2015-02-20 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 
2015-02-20 17:05 - 2015-02-20 17:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-20 17:05 - 2015-02-20 17:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-02-20 17:05 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-02-20 17:05 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-02-20 17:05 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-02-20 16:58 - 2015-02-23 18:22 - 00000000 ____D () C:\FRST 2015-02-20 16:12 - 2015-02-20 16:12 - 00000046 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\WB.CFG 2015-02-20 15:17 - 2015-02-23 18:20 - 00000000 ____D () C:\Users\rbrinega.ORADEV\Documents\Optimizer Pro 2015-02-20 15:17 - 2015-02-20 15:17 - 00003262 _____ () C:\windows\System32\Tasks\Optimizer Pro Schedule 2015-02-20 15:17 - 2015-02-20 15:17 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Optimizer Pro 2015-02-20 15:13 - 2015-02-20 17:55 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2015-02-20 15:13 - 2015-02-20 15:25 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\FileZilla 2015-02-20 15:13 - 2015-02-20 15:13 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SPAM- BLand 2015-02-20 15:13 - 2015-02-20 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2015-02-20 15:11 - 2015-02-23 09:24 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.38 2015-02-20 15:11 - 2015-02-20 18:02 - 00000000 ____D () C:\ProgramData\{a6b76fff-fcd7-2fea-a6b7-76ffffcdbfff} 2015-02-20 15:11 - 2015-02-20 15:11 - 00001109 _____ () C:\Users\rbrinega.ORADEV\Desktop\Optimizer Pro.lnk 2015-02-20 15:11 - 2015-02-20 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 2015-02-20 15:08 - 2015-02-20 
15:08 - 00749000 _____ (Installer Web ) C:\Users\rbrinega.ORADEV\Documents\FileZilla_3.10.1.1_win32-setup.exe 2015-02-20 12:23 - 2015-01-22 20:07 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-02-20 12:23 - 2015-01-22 19:59 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-02-20 12:23 - 2015-01-22 19:00 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-02-20 12:23 - 2015-01-22 18:51 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-02-19 12:34 - 2010-01-26 07:56 - 00040328 _____ (McAfee, Inc.) C:\windows\SysWOW64\HIPIS0e011b5.dll 2015-02-19 12:34 - 2010-01-26 07:44 - 00047080 _____ (McAfee, Inc.) C:\windows\system32\HIPIS0e011b5.dll 2015-02-17 16:57 - 2015-02-17 16:57 - 00013502 _____ () C:\Users\rbrinega.ORADEV\Downloads\Fwd Final Notice Cleanup of BugDB Generic Accounts owned by Email - NARASIMHA.GOGINENI@oracle.com.eml 2015-02-13 14:22 - 2015-02-13 14:21 - 00207578 _____ () C:\Users\rbrinega.ORADEV\Documents\PDIT-DS Instance access.csv 2015-02-13 14:20 - 2015-02-13 14:20 - 00022065 _____ () C:\Users\rbrinega.ORADEV\Documents\PDIT-DS Admin Access.csv 2015-02-12 22:46 - 2015-01-12 19:10 - 01190912 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2015-02-12 22:46 - 2015-01-12 18:49 - 01011200 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2015-02-12 22:46 - 2015-01-06 19:15 - 00104896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mup.sys 2015-02-12 22:46 - 2015-01-06 19:10 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll 2015-02-12 22:46 - 2015-01-06 18:44 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll 2015-02-12 22:46 - 2015-01-06 17:49 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys 2015-02-12 22:46 - 2015-01-06 17:49 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2015-02-12 22:46 - 
2015-01-06 17:48 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2015-02-12 22:46 - 2015-01-06 17:48 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2015-02-12 22:46 - 2015-01-06 17:48 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys 2015-02-12 22:45 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-02-12 22:45 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-02-12 22:45 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-02-12 22:45 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-02-12 22:45 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-02-12 22:45 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2015-02-12 22:45 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-02-12 22:45 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-02-12 22:45 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-02-12 22:45 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-02-12 22:45 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-02-12 22:45 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2015-02-12 22:45 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-02-12 22:45 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-02-12 22:45 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-02-12 22:45 
- 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2015-02-12 22:45 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-02-12 22:45 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2015-02-12 22:45 - 2015-01-13 19:08 - 17878016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-02-12 22:45 - 2015-01-13 18:49 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-02-12 22:45 - 2015-01-13 18:47 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-02-12 22:45 - 2015-01-13 18:47 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-02-12 22:45 - 2015-01-13 18:45 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-02-12 22:45 - 2015-01-13 18:45 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-02-12 22:45 - 2015-01-13 18:44 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-02-12 22:45 - 2015-01-13 18:44 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-02-12 22:45 - 2015-01-13 18:44 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-02-12 22:45 - 2015-01-13 17:51 - 12371456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-02-12 22:45 - 2015-01-13 17:42 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-02-12 22:45 - 2015-01-13 17:41 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-02-12 22:45 - 2015-01-13 17:40 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-02-12 22:45 - 2015-01-13 17:40 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-02-12 22:45 - 2015-01-13 17:40 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-02-12 22:45 - 2015-01-13 17:40 - 00176640 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-02-12 22:45 - 2015-01-13 17:40 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-02-12 22:44 - 2015-01-13 18:59 - 10924032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-02-12 22:44 - 2015-01-13 18:59 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-02-12 22:44 - 2015-01-13 18:49 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-02-12 22:44 - 2015-01-13 18:47 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-02-12 22:44 - 2015-01-13 18:47 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2015-02-12 22:44 - 2015-01-13 18:46 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-02-12 22:44 - 2015-01-13 18:46 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-02-12 22:44 - 2015-01-13 18:45 - 02157056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-02-12 22:44 - 2015-01-13 18:44 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2015-02-12 22:44 - 2015-01-13 18:44 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2015-02-12 22:44 - 2015-01-13 18:44 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2015-02-12 22:44 - 2015-01-13 17:49 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-02-12 22:44 - 2015-01-13 17:46 - 09742336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-02-12 22:44 - 2015-01-13 17:43 - 01139712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-02-12 22:44 - 2015-01-13 17:42 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-02-12 22:44 - 2015-01-13 17:41 - 01802752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-02-12 22:44 - 2015-01-13 17:41 - 00607744 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\msfeeds.dll 2015-02-12 22:44 - 2015-01-13 17:41 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2015-02-12 22:44 - 2015-01-13 17:41 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-02-12 22:44 - 2015-01-13 17:41 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-02-12 22:44 - 2015-01-13 17:40 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2015-02-12 22:44 - 2015-01-13 17:40 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe 2015-02-12 22:44 - 2015-01-13 17:40 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe 2015-02-12 22:43 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-02-12 22:43 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-02-12 22:43 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-02-12 22:43 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-02-12 22:43 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-02-12 22:43 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-02-12 22:43 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-02-12 22:43 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll 2015-02-12 22:43 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll 2015-02-12 22:42 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-02-12 15:09 - 2015-02-12 15:09 - 00001032 _____ () C:\Users\rbrinega.ORADEV\Documents\Expense Report W40734405 pre.log 2015-02-09 19:41 - 2015-02-09 19:41 - 00001030 _____ () C:\Users\rbrinega.ORADEV\Documents\View 
Role_ LIBERTE_OPER - Oracle Enterprise Manager.log 2015-02-08 13:21 - 2015-02-08 13:22 - 93427112 _____ (Oracle Corporation) C:\Users\rbrinega.ST-USERS\Downloads\jre-8u31-windows-x64.exe 2015-02-06 18:01 - 2015-02-06 18:01 - 00000218 _____ () C:\Users\rbrinega.ORADEV\.recently-used.xbel 2015-02-06 09:49 - 2013-06-04 17:00 - 00022909 _____ () C:\Users\rbrinega.ORADEV\Documents\grep-v2 2015-02-06 09:30 - 2015-02-06 09:30 - 00001787 _____ () C:\Users\rbrinega.ORADEV\Desktop\Zoom.lnk 2015-02-06 09:30 - 2015-02-06 09:30 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Zoom 2015-02-06 09:30 - 2015-02-06 09:30 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2015-02-06 09:29 - 2015-02-06 09:29 - 00133528 _____ (Zoom Video Communications, Inc.) C:\Users\rbrinega.ST-USERS\Downloads\Zoom_launcher.exe 2015-02-04 16:20 - 2015-02-04 16:20 - 01062496 _____ () C:\Users\rbrinega.ST-USERS\Downloads\108012__ryansnook__klaxon4.wav 2015-02-04 09:30 - 2014-03-17 11:48 - 01943329 _____ () C:\Users\rbrinega.ORADEV\Documents\EM12.1.0.4-MonitoringEnhancements4.pptx 2015-02-03 04:50 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2015-02-03 04:50 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2015-02-02 13:57 - 2015-02-02 13:57 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\Deployment 2015-02-02 13:56 - 2015-02-02 13:56 - 00009004 _____ () C:\Users\rbrinega.ST-USERS\Downloads\RightNow.Installer.application 2015-01-29 18:35 - 2015-01-29 18:35 - 00001075 _____ () C:\Users\rbrinega.ORADEV\Documents\Provider Lookup Online.log 2015-01-26 15:31 - 2015-01-26 15:34 - 85912186 _____ () C:\Users\rbrinega.ST-USERS\Downloads\apex_4.2.6_en.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-23 18:17 - 2011-08-05 10:29 - 00001552 _____ () C:\windows\system32\config\netlogon.ftl 2015-02-23 18:12 - 2014-12-31 12:01 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-23 18:12 - 2014-11-07 15:56 - 00000600 _____ () C:\Users\rbrinega.ORADEV\AppData\Local\PUTTY.RND 2015-02-23 18:12 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\.purple 2015-02-23 17:48 - 2014-03-17 17:33 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-23 17:28 - 2011-04-15 01:39 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-02-23 17:27 - 2014-11-14 13:47 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3138815620-4253048750-3916773603-50764UA.job 2015-02-23 17:01 - 2011-08-05 12:18 - 00000000 ____D () C:\Users\rbrinega 2015-02-23 17:01 - 2011-08-05 11:25 - 00000000 ____D () C:\Users\support 2015-02-23 16:58 - 2011-04-15 01:17 - 00000000 ____D () C:\Program Files\Java 2015-02-23 16:57 - 2014-07-22 20:39 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2015-02-23 16:57 - 2014-07-22 20:39 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2015-02-23 16:57 - 2011-04-15 01:17 - 00000000 ____D () C:\Program Files (x86)\Java 2015-02-23 15:47 - 2011-08-05 10:29 - 01088457 _____ () C:\windows\WindowsUpdate.log 2015-02-23 10:27 - 2014-10-16 13:09 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cfe98575343649.job 2015-02-23 10:07 - 2009-07-13 20:45 - 00029936 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-23 10:07 - 2009-07-13 20:45 - 00029936 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-23 09:28 - 2014-11-07 14:43 - 00000000 ____D () C:\Program Files\Profile Copier 2015-02-23 09:27 - 2014-12-31 12:01 - 00000894 _____ () 
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-23 09:27 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-02-23 09:27 - 2009-07-13 20:51 - 00086576 _____ () C:\windows\setupact.log 2015-02-23 09:26 - 2010-11-20 19:47 - 00497132 _____ () C:\windows\PFRO.log 2015-02-21 15:11 - 2009-07-13 21:32 - 00000000 ____D () C:\windows\Offline Web Pages 2015-02-21 01:48 - 2014-03-17 17:33 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-02-21 01:48 - 2014-03-17 17:33 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-21 01:48 - 2014-03-17 17:33 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-02-20 16:36 - 2014-11-07 15:55 - 00000600 _____ () C:\Users\rbrinega.ORADEV\PUTTY.RND 2015-02-19 21:13 - 2014-12-31 12:03 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-19 17:52 - 2014-11-07 15:55 - 00002603 _____ () C:\Users\rbrinega.ORADEV\Desktop\Google Chrome.lnk 2015-02-19 14:21 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache 2015-02-19 12:34 - 2009-07-13 20:45 - 00400120 _____ () C:\windows\system32\FNTCACHE.DAT 2015-02-19 12:31 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2015-02-19 12:30 - 2013-08-07 13:52 - 00000000 ____D () C:\Users\rbrinega.ST-USERS\Documents\SQLDev Stuff 2015-02-16 16:07 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\SQL Developer 2015-02-15 07:50 - 2014-11-07 15:55 - 00002390 _____ () C:\Users\rbrinega.ORADEV\Desktop\Cisco Click to Call.lnk 2015-02-15 07:50 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Click to Call 2015-02-13 16:50 - 2014-11-07 16:18 - 00000000 ____D () C:\Users\rbrinega.ORADEV\Documents\SQLDev Stuff 2015-02-12 15:09 - 2014-11-07 15:56 - 00006809 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\PrimoPDFSet.xml 2015-02-08 13:26 - 
2014-11-07 15:51 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\Adobe 2015-02-08 13:23 - 2014-02-18 10:09 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2015-02-08 13:23 - 2013-02-07 14:41 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2015-02-08 13:23 - 2013-02-07 14:41 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe 2015-02-08 13:14 - 2009-07-13 21:13 - 00726444 _____ () C:\windows\system32\PerfStringBackup.INI 2015-02-06 18:01 - 2014-11-07 15:51 - 00000000 ____D () C:\Users\rbrinega.ORADEV 2015-02-05 14:46 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\gtk-2.0 2015-02-05 01:07 - 2014-12-31 12:01 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 01:07 - 2014-12-31 12:01 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-04 10:22 - 2014-11-14 13:47 - 00003914 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3138815620-4253048750-3916773603-50764UA 2015-02-04 10:22 - 2014-11-14 13:47 - 00003518 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-22612181-1167196868-26564730-57735Core1cfe98575343649 2015-02-03 13:55 - 2013-05-13 11:26 - 00000135 _____ () C:\windows\SysWOW64\WebPageInfo.txt 2015-02-03 13:55 - 2011-05-05 10:44 - 00000151 _____ () C:\windows\RSMInst.log 2015-02-02 13:57 - 2014-11-07 15:55 - 00000000 ____D () C:\Users\rbrinega.ORADEV\AppData\Local\Apps\2.0 2015-02-02 05:30 - 2011-04-15 01:45 - 00143552 _____ (McAfee, Inc.) 
C:\windows\SysWOW64\KevlarSigs.dll 2015-01-28 15:39 - 2013-03-06 09:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-28 14:00 - 2014-11-07 15:56 - 00003135 _____ () C:\Users\rbrinega.ORADEV\Downloads\untitled.txt ==================== Files in the root of some directories ======= 2015-02-23 09:19 - 2015-02-23 09:19 - 6111012 _____ () C:\Program Files (x86)\delme.zip 2014-11-07 15:56 - 2015-02-12 15:09 - 0006809 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\PrimoPDFSet.xml 2015-02-20 16:12 - 2015-02-20 16:12 - 0000046 _____ () C:\Users\rbrinega.ORADEV\AppData\Roaming\WB.CFG 2014-11-07 15:56 - 2015-02-23 18:12 - 0000600 _____ () C:\Users\rbrinega.ORADEV\AppData\Local\PUTTY.RND 2014-11-07 15:56 - 2012-07-02 08:41 - 0007627 _____ () C:\Users\rbrinega.ORADEV\AppData\Local\Resmon.ResmonCfg 2012-04-21 21:44 - 2012-04-21 21:44 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-06-28 12:10 - 2013-06-28 12:10 - 0002082 _____ () C:\ProgramData\regid.2002-12.it.k-sol,projectreader_ADBA5736-2070-4B17-8489-5EE61980C4CE.swidtag 2011-09-23 14:44 - 2011-09-23 14:44 - 0001160 _____ () C:\ProgramData\tmp2B2D.log 2011-09-23 14:44 - 2011-09-23 14:44 - 0512078 _____ () C:\ProgramData\tmp2B2D.tmp 2011-09-23 14:39 - 2011-09-23 14:39 - 0001152 _____ () C:\ProgramData\tmp836A.log 2011-09-23 14:39 - 2011-09-23 14:39 - 0431498 _____ () C:\ProgramData\tmp836A.tmp Some content of TEMP: ==================== C:\Users\rbrinega\AppData\Local\Temp\CFGDOM.exe C:\Users\rbrinega\AppData\Local\Temp\rebootnt.exe C:\Users\rbrinega.ORADEV\AppData\Local\Temp\inetutil.dll C:\Users\rbrinega.ORADEV\AppData\Local\Temp\optprosetup.exe C:\Users\rbrinega.ORADEV\AppData\Local\Temp\q8hd4pgd.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\20130918095327393jniverify.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\CSDJavaInstaller.dll C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\DocumentFormat.OpenXml.dll 
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\i4jdel0.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Core.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Security.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.SwingAWT.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Text.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.Util.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.XML.API.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.OpenJDK.XML.Bind.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\IKVM.Runtime.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\InstallAX_11_7_700_202.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\InstallPlugin_11_7_700_202.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.EnterpriseLibrary.Common.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.EnterpriseLibrary.Logging.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.ServiceLocation.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.Unity.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Microsoft.Practices.Unity.Interception.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\mpxj.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\poi-3.6-20091214.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\ProjectLibrary.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\ProjectViewer.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\pslist.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\Ricciolo.Controls.TreeListView.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\System.Windows.Interactivity.dll
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\unzip.exe
C:\Users\rbrinega.ST-USERS\AppData\Local\Temp\WPFToolkit.Extended.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-23 00:23

==================== End Of Log ============================