Jump to content

After scanning with Malwarebytes my excel file is corrupted


Recommended Posts

Yesterday I used MalwareBytes to remove a Win7 defender Firewall alert virus. Now that I have removed it the most recent file i had been working on ( part of my thesis with many hours of work involved) will no longer open and is corrupt. I have tried repairing it, opening it in other programs and saving it to other formats to no success.

Any help you can provide would be greatly appreciated!

The DDS.txt and Attach.txt are below in that order

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

Run by rworsman89 at 14:13:30 on 2013-01-01

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3819.2031 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\ibmpmsvc.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\System32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\windows\system32\mfevtps.exe

C:\windows\system32\svchost.exe -k regsvc

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\windows\ccmsetup\ccmsetup.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\rundll32.exe

C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\sppsvc.exe

C:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\SearchIndexer.exe

C:\Windows\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\rworsman89\AppData\Local\Akamai\netsession_win.exe

C:\Users\rworsman89\AppData\Local\Akamai\netsession_win.exe

C:\Users\rworsman89\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Windows\SysWOW64\rundll32.exe

C:\windows\system32\rundll32.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\windows\explorer.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

C:\windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uDefault_Page_URL = hxxp://www.wpi.edu/

uProxyOverride = <local>

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120613091231.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Akamai NetSession Interface] "C:\Users\rworsman89\AppData\Local\Akamai\netsession_win.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

StartupFolder: C:\Users\RWORSM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\rworsman89\AppData\Roaming\Dropbox\bin\Dropbox.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoSMConfigurePrograms = dword:1

uPolicies-Explorer: ForceStartMenuLogOff = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: dontdisplaylastusername = dword:1

mPolicies-System: legalnoticecaption = WPI Administrative System - Authorized Use Only

mPolicies-System: legalnoticetext = Use of this system is governed by the WPI Acceptable Use Policy (AUP) found at http://www.wpi.edu/+AUP. Unauthorized access is strictly prohibited.

mPolicies-Windows\System: AllowX-ForestPolicy-and-RUP = dword:1

mPolicies-Windows\System: UserPolicyMode = dword:1

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/lib/anysite/support/plugins/ebraryRdr.cab

DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.1.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {D0659405-AD2E-4195-B67E-8B3AC42D763E} - hxxps://qbo.intuit.com/c5/v42.146/qboax11.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 156.154.119.11 156.154.129.11 192.168.1.1

TCP: Interfaces\{B690CFFB-F4EA-42D8-A5D3-76FD86DC3001} : DHCPNameServer = 156.154.119.11 156.154.129.11 192.168.1.1

TCP: Interfaces\{DFDD00D3-3CDC-4BFF-BBB5-7FF6AA2D6877} : DHCPNameServer = 130.215.32.18 130.215.39.18 130.215.5.18

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-mWinlogon: Userinit = userinit.exe,

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120613091231.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [Apoint] T.EXE

x64-Run: [synTPEnh] H.EXE

x64-Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE

x64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE

x64-Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE

x64-Run: [RtHDVCpl] RAVCpl64.exe

x64-Run: [skytel] Skytel.exe

x64-Run: [nwiz] STALLQUIET

x64-Run: [dshat] rundll32.exe "C:\Users\rworsman89\AppData\Roaming\dshat.dll",TextureKey

x64-Run: [uinca] "C:\windows\System32\rundll32.exe" "C:\Users\rworsman89\AppData\Roaming\uinca.dll",SimpleParseStringFlags

x64-Run: [wiefi] "C:\windows\System32\rundll32.exe" "C:\Users\rworsman89\AppData\Roaming\wiefi.dll",Iter_Next

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 aac;Adaptec RAID Miniport Driver;C:\windows\System32\drivers\aac.sys [2009-9-30 58880]

R0 DzHDD64;DzHDD64;C:\windows\System32\drivers\DZHDD64.SYS [2012-10-2 29512]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-10-2 19224]

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-6-22 642952]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-6-22 283744]

R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-10-3 30056]

R1 nvkflt;nvkflt;C:\windows\System32\drivers\nvkflt.sys [2012-10-3 284008]

R2 ccmsetup;ccmsetup;C:\Windows\ccmsetup\ccmsetup.exe [2012-10-2 611168]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-10-2 101736]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-10-2 133992]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-6-22 199008]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-1-12 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2011-6-22 158832]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-21 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-21 1369624]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-18 382312]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-10-2 145256]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-10-2 144960]

R3 5U877;5U877;C:\windows\System32\drivers\5U877.sys [2012-10-2 216704]

R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-10-2 320576]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-10-2 356632]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-10-2 789272]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-6-22 228752]

R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\NETwNv64.sys [2012-1-17 8399360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-21 168384]

S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2010-7-12 301232]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-12 1432400]

S3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2012-8-6 60184]

S3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2011-5-6 158976]

S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-5-6 317440]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-6-22 100904]

S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;C:\windows\System32\drivers\nwdelser.sys [2009-9-30 203392]

S3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;C:\windows\System32\drivers\nwdelser2.sys [2009-9-30 203392]

S3 O2MDFRDR;O2MDFRDR;C:\windows\System32\drivers\o2mdfxpx64.sys [2011-5-6 71968]

S3 O2MDRRDR;O2MDRRDR;C:\windows\System32\drivers\O2MDRvstx64.sys [2011-5-6 75112]

S3 O2SDJRDR;O2SDJRDR;C:\windows\System32\drivers\o2sdjw7x64.sys [2011-5-6 83560]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-10-2 1662560]

S3 prl_mouf;Parallels Mouse Synchronization Device;C:\windows\System32\drivers\prl_mouf.sys [2009-12-16 19272]

S3 prl_pv64;prl_pv64;C:\windows\System32\drivers\prl_pv64.sys [2009-12-16 109896]

S3 prl_tg;prl_tg;C:\windows\System32\drivers\prl_tg.sys [2009-12-16 25288]

S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-10-2 1665120]

S3 QCFilterhp;HP USB Composite Device Filter Driver;C:\windows\System32\drivers\qcfilterhp.sys [2009-9-30 6528]

S3 qcusbserhp;HP USB Device for Legacy Serial Communication;C:\windows\System32\drivers\qcusbserhp.sys [2009-9-30 103680]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-13 19456]

S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\windows\System32\drivers\terminpt.sys [2012-11-13 29696]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-13 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-13 30208]

S3 tsusbhub;Remote Deskotop USB Hub;C:\windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]

S3 wacmoumonitor;Wacom Mode Helper;C:\windows\System32\drivers\wacmoumonitor.sys [2011-1-4 18216]

S3 wacomhidfilter;Wacom HID Filter;C:\windows\System32\drivers\wacomhidfilter.sys [2011-1-4 12968]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-6-21 1255736]

.

=============== Created Last 30 ================

.

2012-12-31 20:00:58 -------- d-----w- C:\Users\rworsman89\AppData\Roaming\Autodesk Navisworks Freedom 2013

2012-12-31 20:00:58 -------- d-----w- C:\ProgramData\Autodesk Navisworks Freedom 2013

2012-12-31 19:20:17 -------- d-----w- C:\Users\rworsman89\AppData\Roaming\Malwarebytes

2012-12-31 19:20:09 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-12-31 19:20:09 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-31 19:20:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-31 18:21:15 302080 ----a-w- C:\Users\rworsman89\AppData\Roaming\wiefi.dll

2012-12-31 18:20:53 588800 ----a-w- C:\Users\rworsman89\AppData\Roaming\uinca.dll

2012-12-31 18:20:02 175616 ----a-w- C:\Users\rworsman89\AppData\Roaming\dshat.dll

2012-12-21 19:30:42 258048 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfppw73.dll

2012-12-21 18:04:18 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-12-21 18:04:09 17272 ----a-w- C:\windows\System32\sdnclean64.exe

2012-12-21 18:04:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2012-12-21 18:03:09 -------- d-----w- C:\Users\rworsman89\AppData\Local\Programs

2012-12-17 19:51:39 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-12-17 19:50:28 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-17 19:50:28 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-17 19:50:28 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-17 19:50:27 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-17 19:49:27 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-12-17 19:49:27 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-12-17 19:47:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2012-12-17 19:46:01 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-12-17 19:46:01 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-12-11 22:04:23 -------- d-----w- C:\Users\rworsman89\AppData\Local\Microsoft Help

2012-12-08 17:41:47 -------- d-----w- C:\found.000

2012-12-06 16:39:36 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4542B2B-4203-4D01-9C41-29764D4CC8F1}\mpengine.dll

2012-12-06 14:18:05 -------- d-----w- C:\windows\pss

.

==================== Find3M ====================

.

2012-12-11 18:40:26 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-11 18:40:26 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-05 13:59:17 544240 ----a-w- C:\windows\System32\npdeployJava1.dll

2012-12-05 13:59:17 525808 ----a-w- C:\windows\System32\deployJava1.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-10-04 18:01:02 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-04 18:00:58 821736 ----a-w- C:\windows\SysWow64\npdeployJava1.dll

2012-10-04 18:00:58 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-10-04 17:59:13 60304 ----a-w- C:\Users\rworsman89\g2mdlhlpx.exe

2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-10-04 15:23:32 98304 ----a-w- C:\windows\SysWow64\bsreffs.dll

2012-10-04 15:23:32 90112 ----a-w- C:\windows\SysWow64\bsrlback.dll

2012-10-04 15:23:31 81920 ----a-w- C:\windows\SysWow64\bsrgvas.dll

2012-10-04 15:23:31 692224 ----a-w- C:\windows\SysWow64\bsrmgcv.dll

2012-10-04 15:23:31 192512 ----a-w- C:\windows\SysWow64\bsrmgps.dll

2012-10-04 15:23:07 585728 ----a-w- C:\windows\SysWow64\bsratswf.dll

2012-10-04 15:23:07 147456 ----a-w- C:\windows\SysWow64\bsratwmv.dll

2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 14:18:01.22 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 10/1/2012 9:58:57 AM

System Uptime: 1/1/2013 1:45:17 PM (1 hours ago)

.

Motherboard: LENOVO | | 2394CTO

Processor: Intel® Core i5-3360M CPU @ 2.80GHz | CPU Socket - U3E1 | 2801/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 231.607 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Microsoft Teredo Tunneling Adapter

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_E823&SUBSYS_21F617AA&REV_05\4&CDC17AF&0&00E0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_E823&SUBSYS_21F617AA&REV_05\4&CDC17AF&0&00E0

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

AC3Filter 1.63b

Adobe Acrobat X Pro

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Shockwave Player 11.6

Akamai NetSession Interface

Apple Application Support

Apple Software Update

Autodesk Design Review 2013

Autodesk Material Library 2013

Autodesk Material Library Base Resolution Image Library 2013

Autodesk Material Library Low Resolution Image Library 2013

Autodesk Material Library Medium Resolution Image Library 2013

Autodesk Navisworks 2013 32 bit Exporter Plug-ins

Autodesk Navisworks 2013 32 bit Exporter Plug-ins English Language Pack

Autodesk Navisworks 2013 64 bit Exporter Plug-ins

Autodesk Navisworks 2013 64 bit Exporter Plug-ins English Language Pack

Autodesk Navisworks Freedom 2013

Autodesk Navisworks Freedom 2013 English Language Pack

Autodesk Navisworks Manage 2013

Autodesk Navisworks Manage 2013 - 2008 DWG File Reader

Autodesk Navisworks Manage 2013 - 2009 DWG File Reader

Autodesk Navisworks Manage 2013 - 2010 DWG File Reader

Autodesk Navisworks Manage 2013 - 2011 DWG File Reader

Autodesk Navisworks Manage 2013 - 2012 DWG File Reader

Autodesk Navisworks Manage 2013 - 2013 DWG File Reader

Autodesk Navisworks Manage 2013 English Language Pack

Autodesk Revit 2013

BSR Screen Recorder 6

CDBurnerXP

Compatibility Pack for the 2007 Office system

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Touchpad

DG2002

Dropbox

EverFE version 2.25

FARO LS 1.1.408.2

FARO LS 4.8.2.25521

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.1.0.880

Integrated Camera Driver Installer Package Ver.1.2.1.18

Intel® USB 3.0 eXtensible Host Controller Driver

Java 7 Update 7

Java Auto Updater

Java 6 Update 37

Java 6 Update 37 (64-bit)

Juniper Networks Network Connect 7.2.0

Juniper Networks, Inc. Setup Client

Juniper Networks, Inc. Setup Client 64-bit Activex Control

Juniper Networks, Inc. Setup Client Activex Control

Lenovo Auto Scroll Utility

Lenovo Patch Utility

Lenovo Patch Utility 64 bit

Lenovo Power Management Driver

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee Agent

McAfee VirusScan Enterprise

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Application Virtualization Desktop Client

Microsoft Conferencing Add-in for Microsoft Office Outlook

Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Communicator 2007 R2

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Meeting 2007

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Project MUI (English) 2010

Microsoft Office Project Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Visio 2010

Microsoft Office Visio MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Project 2010 Service Pack 1 (SP1)

Microsoft Project Professional 2010

Microsoft Silverlight

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visio 2010 Service Pack 1 (SP1)

Microsoft Visio Premium 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729

Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729

Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729

Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0

NVIDIA 3D Vision Driver 305.93

NVIDIA Control Panel 305.93

NVIDIA Graphics Driver 305.93

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA nView 136.49

NVIDIA Optimus 1.10.8

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

On Screen Display

Oracle 11G Instant Client

Power Manager

PowerDVD DX

Previous Versions Client

PuTTY version 0.62

QuickTime

ReadPlease 2003/ReadPlease PLUS 2003

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Revit 2013

Revit 2013 Language Pack - English

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Spybot - Search & Destroy

swMSM

Synaptics Pointing Device Driver

System Update

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177

WinSCP 4.3.7

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

12/31/2012 2:33:37 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/31/2012 2:31:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hpdskflt

12/31/2012 1:58:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/31/2012 1:58:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/31/2012 1:58:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/31/2012 1:58:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/31/2012 1:58:04 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/31/2012 1:56:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr TPPWRIF Wanarpv6

12/31/2012 1:56:00 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/31/2012 1:38:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/31/2012 1:38:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/31/2012 1:38:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/31/2012 1:37:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF Wanarpv6 WfpLwf

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/31/2012 1:37:32 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/31/2012 1:24:50 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "5" Happened while starting this command: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -Embedding

12/29/2012 3:02:09 PM, Error: Service Control Manager [7000] - The Power Manager DBC Service service failed to start due to the following error: The pipe has been ended.

12/26/2012 12:06:01 PM, Error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\DC-03.admin.wpi.edu for the domain ADMIN is not responsive. The current RPC call from Netlogon on \\CEE-NB25 to \\DC-03.admin.wpi.edu has been cancelled.

1/1/2013 1:51:49 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

1/1/2013 1:46:39 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

1/1/2013 1:46:18 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ADMIN due to the following: The RPC server is unavailable. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

1/1/2013 1:45:44 PM, Error: Service Control Manager [7003] - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.

1/1/2013 1:45:36 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

1/1/2013 1:45:35 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

1/1/2013 1:45:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

1/1/2013 1:45:33 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ADMIN due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

1/1/2013 1:45:17 PM, Error: hpdskflt [1001] -

1/1/2013 1:10:14 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

.

==== End Of File ===========================

Link to post
Share on other sites

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

Link to post
Share on other sites

Kevin,

First of all thank you for your help!!

I followed the steps you outlined and the combofix log is below.

ComboFix 13-01-01.02 - rworsman89 01/01/2013 15:32:45.1.4 - x64

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3819.2172 [GMT -5:00]

Running from: c:\users\rworsman89\Downloads\ComboFix.exe

* Created a new restore point

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\rworsman89\AppData\Roaming\dshat.dll

c:\users\rworsman89\AppData\Roaming\uinca.dll

c:\users\rworsman89\AppData\Roaming\wiefi.dll

c:\users\rworsman89\g2mdlhlpx.exe

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))

.

.

2013-01-01 20:37 . 2013-01-01 20:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-01-01 20:37 . 2013-01-01 20:37 -------- d-----w- c:\users\prr\AppData\Local\temp

2013-01-01 20:37 . 2013-01-01 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-01 20:37 . 2013-01-01 20:37 -------- d-----w- c:\users\cccservice\AppData\Local\temp

2012-12-31 20:00 . 2012-12-31 20:01 -------- d-----w- c:\users\rworsman89\AppData\Roaming\Autodesk Navisworks Freedom 2013

2012-12-31 20:00 . 2012-12-31 20:01 -------- d-----w- c:\programdata\Autodesk Navisworks Freedom 2013

2012-12-31 19:20 . 2012-12-31 19:20 -------- d-----w- c:\users\rworsman89\AppData\Roaming\Malwarebytes

2012-12-31 19:20 . 2012-12-31 19:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-31 19:20 . 2012-12-31 19:20 -------- d-----w- c:\programdata\Malwarebytes

2012-12-31 19:20 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-21 19:30 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll

2012-12-21 18:04 . 2013-01-01 20:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-12-21 18:04 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe

2012-12-21 18:04 . 2012-12-21 18:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2012-12-21 18:03 . 2012-12-21 18:03 -------- d-----w- c:\users\rworsman89\AppData\Local\Programs

2012-12-17 19:51 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-17 19:50 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-17 19:50 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-17 19:50 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-17 19:50 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-17 19:49 . 2012-10-04 17:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-12-17 19:49 . 2012-10-04 14:46 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-12-17 19:47 . 2012-10-04 17:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-12-17 19:46 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-17 19:46 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-12-17 19:46 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-12-11 22:04 . 2012-12-11 22:04 -------- d-----w- c:\users\rworsman89\AppData\Local\Microsoft Help

2012-12-08 17:41 . 2012-12-29 16:07 -------- d-----w- C:\found.000

2012-12-06 16:39 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4542B2B-4203-4D01-9C41-29764D4CC8F1}\mpengine.dll

2012-12-06 14:14 . 2012-12-06 14:14 -------- d-----w- c:\users\cccservice\AppData\Roaming\PwrMgr

2012-12-06 14:12 . 2012-12-06 14:12 -------- d-----w- c:\users\cccservice\AppData\Local\Lenovo

2012-12-05 13:59 . 2012-12-05 13:59 191984 ----a-w- c:\windows\system32\javaws.exe

2012-12-05 13:59 . 2012-12-05 13:59 172528 ----a-w- c:\windows\system32\javaw.exe

2012-12-05 13:59 . 2012-12-05 13:59 172528 ----a-w- c:\windows\system32\java.exe

2012-12-05 13:59 . 2012-12-05 13:59 -------- d-----w- c:\program files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-11 18:40 . 2012-06-13 13:19 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-11 18:40 . 2011-06-22 15:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-05 13:59 . 2012-06-13 13:21 544240 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-12-05 13:59 . 2011-06-22 15:30 525808 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-04 18:01 . 2012-10-04 18:01 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-04 18:00 . 2012-06-13 13:20 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-10-04 18:00 . 2011-12-09 16:48 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-04 16:40 . 2012-12-17 19:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-04 15:44 . 2012-10-04 15:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-10-04 15:44 . 2012-10-04 15:44 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-10-04 15:44 . 2012-10-04 15:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-10-04 15:44 . 2012-10-04 15:44 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-10-04 15:23 . 2012-10-04 15:23 98304 ----a-w- c:\windows\SysWow64\bsreffs.dll

2012-10-04 15:23 . 2012-10-04 15:23 90112 ----a-w- c:\windows\SysWow64\bsrlback.dll

2012-10-04 15:23 . 2012-10-04 15:23 81920 ----a-w- c:\windows\SysWow64\bsrgvas.dll

2012-10-04 15:23 . 2012-10-04 15:23 692224 ----a-w- c:\windows\SysWow64\bsrmgcv.dll

2012-10-04 15:23 . 2012-10-04 15:23 192512 ----a-w- c:\windows\SysWow64\bsrmgps.dll

2012-10-04 15:23 . 2012-10-04 15:23 585728 ----a-w- c:\windows\SysWow64\bsratswf.dll

2012-10-04 15:23 . 2012-10-04 15:23 147456 ----a-w- c:\windows\SysWow64\bsratwmv.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-12 39408]

"Akamai NetSession Interface"="c:\users\rworsman89\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-13 296056]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2012-07-30 5164632]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-04-19 291608]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

.

c:\users\rworsman89\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\rworsman89\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-28 28539392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

"ForceStartMenuLogOff"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-6699\Scripts\Logon\0\0]

"Script"=UserCustomZoneMap.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-6699\Scripts\Logon\1\0]

"Script"=replace uniprint printers.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-6699\Scripts\Logon\2\0]

"Script"=install.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-6699\Scripts\Logon\3\0]

"Script"=Pop-up Blocker Settings.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-72359\Scripts\Logon\0\0]

"Script"=UserCustomZoneMap.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-72359\Scripts\Logon\1\0]

"Script"=replace uniprint printers.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-72359\Scripts\Logon\2\0]

"Script"=install.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-72359\Scripts\Logon\3\0]

"Script"=Pop-up Blocker Settings.vbs

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-16 320576]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-12 1432400]

R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-11-10 60184]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-13 100904]

R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-02 203392]

R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-11-02 203392]

R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFxpx64.sys [2011-01-04 71968]

R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRvstx64.sys [2011-01-03 75112]

R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7x64.sys [2011-03-23 83560]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]

R3 prl_mouf;Parallels Mouse Synchronization Device;c:\windows\system32\drivers\prl_mouf.sys [2009-11-02 19272]

R3 prl_pv64;prl_pv64;c:\windows\system32\drivers\prl_pv64.sys [2009-11-02 109896]

R3 prl_tg;prl_tg;c:\windows\system32\drivers\prl_tg.sys [2009-11-02 25288]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]

R3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [2008-06-09 6528]

R3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [2008-06-09 103680]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-01-24 18216]

R3 wacomhidfilter;Wacom HID Filter;c:\windows\system32\drivers\wacomhidfilter.sys [2008-08-27 12968]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-21 1255736]

S0 aac;Adaptec RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2007-09-20 58880]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-05-16 29512]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-04-19 19224]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-13 283744]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-18 30056]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-18 284008]

S2 ccmsetup;ccmsetup;c:\windows\ccmsetup\ccmsetup.exe [2009-09-18 611168]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-13 158832]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-18 382312]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]

S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-03-28 216704]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-04-19 356632]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-04-19 789272]

S3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwNv64.sys [2011-10-31 8399360]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 18:40]

.

2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 18:02]

.

2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 18:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="STALLQUIET" [X]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-16 6440480]

"Skytel"="Skytel.exe" [2008-07-16 1833504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: wpi.edu\digitool

Trusted Zone: wpi.edu\libguides

Trusted Zone: wpi.edu\my

TCP: DhcpNameServer = 156.154.119.11 156.154.129.11 192.168.1.1

DPF: {D0659405-AD2E-4195-B67E-8B3AC42D763E} - hxxps://qbo.intuit.com/c5/v42.146/qboax11.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-Locked - (no file)

HKLM-Run-Apoint - T.EXE

HKLM-Run-SynTPEnh - H.EXE

HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE

HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE

HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE

HKLM-Run-dshat - c:\users\rworsman89\AppData\Roaming\dshat.dll

HKLM-Run-uinca - c:\users\rworsman89\AppData\Roaming\uinca.dll

HKLM-Run-wiefi - c:\users\rworsman89\AppData\Roaming\wiefi.dll

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ccmsetup]

"ImagePath"="\"c:\windows\ccmsetup\ccmsetup.exe\" /runservice /config:MobileClient.tcf"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files (x86)\Lenovo\System Update\SUService.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\McAfee\Common Framework\McTray.exe

c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe

c:\program files (x86)\Internet Explorer\iexplore.exe

c:\program files (x86)\Internet Explorer\iexplore.exe

c:\program files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

.

**************************************************************************

.

Completion time: 2013-01-01 15:45:02 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-01 20:45

.

Pre-Run: 246,617,944,064 bytes free

Post-Run: 246,760,075,264 bytes free

.

- - End Of File - - 01EA35EAC6E2E4C6F405FA6243D0AB17

Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:


ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report here

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those logs in next reply.....

Kevin

Link to post
Share on other sites

Ok,

Here are the three logs

Combo Fix

Eset 2 problem

Screen 317

ComboFix 13-01-01.02 - rworsman89 01/01/2013 16:16:29.2.4 - x64

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3819.2331 [GMT -5:00]

Running from: c:\users\rworsman89\Desktop\ComboFix.exe

Command switches used :: c:\users\rworsman89\Desktop\CFScript.txt

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))

.

.

2013-01-01 21:20 . 2013-01-01 21:20 -------- d-----w- c:\users\xprofilex\AppData\Local\temp

2013-01-01 21:20 . 2013-01-01 21:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-01-01 21:20 . 2013-01-01 21:20 -------- d-----w- c:\users\prr\AppData\Local\temp

2013-01-01 21:20 . 2013-01-01 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-01 21:20 . 2013-01-01 21:20 -------- d-----w- c:\users\cccservice\AppData\Local\temp

2012-12-31 20:00 . 2012-12-31 20:01 -------- d-----w- c:\users\rworsman89\AppData\Roaming\Autodesk Navisworks Freedom 2013

2012-12-31 20:00 . 2012-12-31 20:01 -------- d-----w- c:\programdata\Autodesk Navisworks Freedom 2013

2012-12-31 19:20 . 2012-12-31 19:20 -------- d-----w- c:\users\rworsman89\AppData\Roaming\Malwarebytes

2012-12-31 19:20 . 2012-12-31 19:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-31 19:20 . 2012-12-31 19:20 -------- d-----w- c:\programdata\Malwarebytes

2012-12-31 19:20 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-21 19:30 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll

2012-12-21 18:04 . 2013-01-01 20:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-12-21 18:04 . 2013-01-01 21:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2012-12-21 18:03 . 2012-12-21 18:03 -------- d-----w- c:\users\rworsman89\AppData\Local\Programs

2012-12-17 19:51 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-17 19:50 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-17 19:50 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-17 19:50 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-17 19:50 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-17 19:49 . 2012-10-04 17:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-12-17 19:49 . 2012-10-04 14:46 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-12-17 19:47 . 2012-10-04 17:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-12-17 19:46 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-17 19:46 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-12-17 19:46 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-12-11 22:04 . 2012-12-11 22:04 -------- d-----w- c:\users\rworsman89\AppData\Local\Microsoft Help

2012-12-08 17:41 . 2012-12-29 16:07 -------- d-----w- C:\found.000

2012-12-06 16:39 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4542B2B-4203-4D01-9C41-29764D4CC8F1}\mpengine.dll

2012-12-06 14:14 . 2012-12-06 14:14 -------- d-----w- c:\users\cccservice\AppData\Roaming\PwrMgr

2012-12-06 14:12 . 2012-12-06 14:12 -------- d-----w- c:\users\cccservice\AppData\Local\Lenovo

2012-12-05 13:59 . 2012-12-05 13:59 191984 ----a-w- c:\windows\system32\javaws.exe

2012-12-05 13:59 . 2012-12-05 13:59 172528 ----a-w- c:\windows\system32\javaw.exe

2012-12-05 13:59 . 2012-12-05 13:59 172528 ----a-w- c:\windows\system32\java.exe

2012-12-05 13:59 . 2012-12-05 13:59 -------- d-----w- c:\program files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-01 21:20 . 2013-01-01 21:20 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4542B2B-4203-4D01-9C41-29764D4CC8F1}\offreg.dll

2012-12-11 18:40 . 2012-06-13 13:19 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-11 18:40 . 2011-06-22 15:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-05 13:59 . 2012-06-13 13:21 544240 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-12-05 13:59 . 2011-06-22 15:30 525808 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-04 18:01 . 2012-10-04 18:01 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-04 18:00 . 2012-06-13 13:20 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-10-04 18:00 . 2011-12-09 16:48 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-04 16:40 . 2012-12-17 19:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-04 15:44 . 2012-10-04 15:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-10-04 15:44 . 2012-10-04 15:44 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-10-04 15:44 . 2012-10-04 15:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-10-04 15:44 . 2012-10-04 15:44 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-10-04 15:23 . 2012-10-04 15:23 98304 ----a-w- c:\windows\SysWow64\bsreffs.dll

2012-10-04 15:23 . 2012-10-04 15:23 90112 ----a-w- c:\windows\SysWow64\bsrlback.dll

2012-10-04 15:23 . 2012-10-04 15:23 81920 ----a-w- c:\windows\SysWow64\bsrgvas.dll

2012-10-04 15:23 . 2012-10-04 15:23 692224 ----a-w- c:\windows\SysWow64\bsrmgcv.dll

2012-10-04 15:23 . 2012-10-04 15:23 192512 ----a-w- c:\windows\SysWow64\bsrmgps.dll

2012-10-04 15:23 . 2012-10-04 15:23 585728 ----a-w- c:\windows\SysWow64\bsratswf.dll

2012-10-04 15:23 . 2012-10-04 15:23 147456 ----a-w- c:\windows\SysWow64\bsratwmv.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-12 39408]

"Akamai NetSession Interface"="c:\users\rworsman89\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-13 296056]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2012-07-30 5164632]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-04-19 291608]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344]

.

c:\users\rworsman89\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\rworsman89\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-28 28539392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

"ForceStartMenuLogOff"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-6699\Scripts\Logon\0\0]

"Script"=UserCustomZoneMap.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-6699\Scripts\Logon\1\0]

"Script"=replace uniprint printers.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-6699\Scripts\Logon\2\0]

"Script"=install.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-6699\Scripts\Logon\3\0]

"Script"=Pop-up Blocker Settings.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-72359\Scripts\Logon\0\0]

"Script"=UserCustomZoneMap.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-72359\Scripts\Logon\1\0]

"Script"=replace uniprint printers.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-72359\Scripts\Logon\2\0]

"Script"=install.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1029987154-1330733110-326569147-72359\Scripts\Logon\3\0]

"Script"=Pop-up Blocker Settings.vbs

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-12 1432400]

R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-11-10 60184]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-13 100904]

R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-02 203392]

R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-11-02 203392]

R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFxpx64.sys [2011-01-04 71968]

R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRvstx64.sys [2011-01-03 75112]

R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7x64.sys [2011-03-23 83560]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]

R3 prl_mouf;Parallels Mouse Synchronization Device;c:\windows\system32\drivers\prl_mouf.sys [2009-11-02 19272]

R3 prl_pv64;prl_pv64;c:\windows\system32\drivers\prl_pv64.sys [2009-11-02 109896]

R3 prl_tg;prl_tg;c:\windows\system32\drivers\prl_tg.sys [2009-11-02 25288]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]

R3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [2008-06-09 6528]

R3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [2008-06-09 103680]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-01-24 18216]

R3 wacomhidfilter;Wacom HID Filter;c:\windows\system32\drivers\wacomhidfilter.sys [2008-08-27 12968]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-21 1255736]

S0 aac;Adaptec RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2007-09-20 58880]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-05-16 29512]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-04-19 19224]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-13 283744]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-18 30056]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-18 284008]

S2 ccmsetup;ccmsetup;c:\windows\ccmsetup\ccmsetup.exe [2009-09-18 611168]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-13 158832]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-18 382312]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]

S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-03-28 216704]

S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-16 320576]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-04-19 356632]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-04-19 789272]

S3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwNv64.sys [2011-10-31 8399360]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 18:40]

.

2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 18:02]

.

2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 18:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\rworsman89\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="STALLQUIET" [X]

"Apoint"="T.EXE" [bU]

"SynTPEnh"="H.EXE" [bU]

"IgfxTray"="DOWS\SYSTEM32\IGFXTRAY.EXE" [bU]

"HotKeysCmds"="DOWS\SYSTEM32\HKCMD.EXE" [bU]

"Persistence"="DOWS\SYSTEM32\IGFXPERS.EXE" [bU]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-16 6440480]

"Skytel"="Skytel.exe" [2008-07-16 1833504]

"dshat"="c:\users\rworsman89\AppData\Roaming\dshat.dll" [bU]

"uinca"="c:\users\rworsman89\AppData\Roaming\uinca.dll" [bU]

"wiefi"="c:\users\rworsman89\AppData\Roaming\wiefi.dll" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: wpi.edu\digitool

Trusted Zone: wpi.edu\libguides

Trusted Zone: wpi.edu\my

TCP: DhcpNameServer = 156.154.119.11 156.154.129.11 192.168.1.1

DPF: {D0659405-AD2E-4195-B67E-8B3AC42D763E} - hxxps://qbo.intuit.com/c5/v42.146/qboax11.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ccmsetup]

"ImagePath"="\"c:\windows\ccmsetup\ccmsetup.exe\" /runservice /config:MobileClient.tcf"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-01 16:21:21

ComboFix-quarantined-files.txt 2013-01-01 21:21

ComboFix2.txt 2013-01-01 20:45

.

Pre-Run: 246,977,978,368 bytes free

Post-Run: 246,904,352,768 bytes free

.

- - End Of File - - 9FB0A0DF2959B01F8CE7C2B42BF6C3EC

C:\Qoobox\Quarantine\C\Users\rworsman89\AppData\Roaming\dshat.dll.vir a variant of Win32/Medfos.HM trojan

C:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js JS/Redirector.NCG trojan

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

McAfee VirusScan Enterprise

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 37

Java 7 Update 7

Java version out of Date!

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Spybot Teatimer.exe is disabled!

McAfee VirusScan Enterprise VsTskMgr.exe

McAfee VirusScan Enterprise mfeann.exe

McAfee VirusScan Enterprise SHSTAT.EXE

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

If your security alerts to OTM either accept the alert so that OTM can complte or turn your security off....

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c
    C:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js
    :Commands
    [EmptyTemp]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Post those two logs, also let me know if there are any remaining issues or concerns...

Kevin..

Link to post
Share on other sites

below are the results from those two scans.

upon reboot I had 3 errors pop up:

There was a problem starting

C:\users\rworsman89\appdata\roaming\wiefi.dll

C:\users\rworsman89\appdata\roaming\uinca.dll

C:\users\rworsman89\appdata\roaming\dshat.dll

the specified module could not be found.

what should I do about these?

I am still not able to open the corrupted xlsx file.

All processes killed

Error: Unable to interpret <:Filesipconfig /flushdns /cC:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js:Commands[EmptyTemp]> in the current context!

OTM by OldTimer - Version 3.1.21.0 log created on 01012013_184603

# AdwCleaner v2.104 - Logfile created 01/01/2013 at 18:51:08

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)

# User : rworsman89 - CEE-NB25

# Boot Mode : Normal

# Running from : C:\Users\rworsman89\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [767 octets] - [01/01/2013 18:51:08]

########## EOF - C:\AdwCleaner[s1].txt - [826 octets] ##########

Link to post
Share on other sites

That log from OTM is indicating a false run, it appears that all instructions were on the same line, not as a list.

Can you run OTM one more time, I`ve also included reg fixes for the errors you mention.. as follows:

Download OTM from either of the following links and save to your Desktop (not required if still on Desktop):

http://oldtimer.geekstogo.com/OTM.exe.

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dshat"=-
    "uinca"=-
    "wiefi"=-
    :Services
    :Files
    ipconfig /flushdns /c
    C:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Regarding the corrupt file, at present i`m removing the malware that was onboard. If there are corrupt files they maybe lost unless you have a backup?

Kevn

Link to post
Share on other sites

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Link to post
Share on other sites

Here are the two logs from OTL

otl.txt then extras.txt

OTL logfile created on: 1/1/2013 8:31:29 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rworsman89\Desktop

64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.73 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 62.17% Memory free

7.46 Gb Paging File | 5.83 Gb Available in Paging File | 78.21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 297.89 Gb Total Space | 230.08 Gb Free Space | 77.24% Space Free | Partition Type: NTFS

Computer Name: CEE-NB25 | User Name: rworsman89 | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/01 20:30:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rworsman89\Desktop\OTL.exe

PRC - [2012/08/18 12:43:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/07/11 20:04:02 | 000,683,696 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

PRC - [2012/05/11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe

PRC - [2011/12/29 18:20:40 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2011/09/12 19:08:00 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

PRC - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe

PRC - [2011/01/12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

PRC - [2011/01/12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

PRC - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

PRC - [2011/01/12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

PRC - [2011/01/12 07:08:00 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe

PRC - [2011/01/12 07:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

PRC - [2009/09/18 06:00:00 | 000,611,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\ccmsetup\ccmsetup.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/10 23:32:32 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll

MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll

MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/11/12 12:38:18 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2012/06/13 08:11:45 | 000,158,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/06/13 08:11:43 | 000,199,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2012/04/11 15:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)

SRV:64bit: - [2011/12/29 18:20:40 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV:64bit: - [2011/07/12 15:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)

SRV:64bit: - [2011/07/12 15:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV:64bit: - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/12/11 13:40:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/08/18 12:43:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/08/18 01:48:18 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/08/06 13:18:29 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/07/27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/11 20:04:02 | 000,683,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2012/05/16 05:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)

SRV - [2012/05/16 05:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2012/05/16 05:32:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)

SRV - [2012/05/11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2011/01/12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2011/01/12 07:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/18 06:00:00 | 000,611,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\ccmsetup\ccmsetup.exe -- (ccmsetup)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/23 09:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/18 12:43:00 | 000,284,008 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)

DRV:64bit: - [2012/08/18 12:43:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2012/08/06 13:18:21 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/07/11 19:31:50 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV:64bit: - [2012/06/13 08:11:45 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/06/13 08:11:44 | 000,642,952 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/06/13 08:11:44 | 000,228,752 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/06/13 08:11:44 | 000,100,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/06/13 08:11:43 | 000,158,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/05/30 12:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2012/05/16 05:32:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)

DRV:64bit: - [2012/05/16 05:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)

DRV:64bit: - [2012/04/19 15:32:08 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/04/19 15:32:06 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/04/19 15:32:06 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2012/04/11 15:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV:64bit: - [2012/03/28 12:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/26 20:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)

DRV:64bit: - [2011/11/10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2011/11/10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2011/10/31 15:45:16 | 008,399,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNv64.sys -- (NETwNv64)

DRV:64bit: - [2011/03/23 12:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/17 07:36:10 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)

DRV:64bit: - [2011/01/04 01:58:06 | 000,071,968 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfxpx64.sys -- (O2MDFRDR)

DRV:64bit: - [2011/01/03 13:18:54 | 000,075,112 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\O2MDRvstx64.sys -- (O2MDRRDR)

DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)

DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/10/15 07:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/09/15 10:03:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2010/09/07 15:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/04/05 23:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)

DRV:64bit: - [2010/02/26 22:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/01/24 13:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2009/11/02 18:45:10 | 000,025,288 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prl_tg.sys -- (prl_tg)

DRV:64bit: - [2009/11/02 18:45:06 | 000,109,896 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prl_pv64.sys -- (prl_pv64)

DRV:64bit: - [2009/11/02 18:45:04 | 000,019,272 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prl_mouf.sys -- (prl_mouf)

DRV:64bit: - [2009/09/21 14:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/22 15:01:26 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/08/27 09:27:14 | 000,012,968 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomhidfilter.sys -- (wacomhidfilter)

DRV:64bit: - [2008/06/24 08:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2008/06/09 03:06:42 | 000,103,680 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbserhp.sys -- (qcusbserhp)

DRV:64bit: - [2008/06/09 03:06:40 | 000,006,528 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterhp.sys -- (QCFilterhp)

DRV:64bit: - [2008/04/07 13:14:02 | 000,028,520 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/04/07 13:13:58 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/01/18 09:49:50 | 000,308,736 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2007/11/19 16:01:08 | 000,237,568 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)

DRV:64bit: - [2007/11/02 14:41:04 | 000,203,392 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwdelser2.sys -- (NWDellPort2)

DRV:64bit: - [2007/11/02 14:41:04 | 000,203,392 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwdelser.sys -- (NWDellPort)

DRV:64bit: - [2007/10/22 15:16:30 | 000,191,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2007/09/20 12:52:28 | 000,058,880 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aac.sys -- (aac)

DRV:64bit: - [2007/03/26 14:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2007/02/27 16:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..\SearchScopes,DefaultScope = {F16D66E7-4999-4304-AF09-94A4DAD67AAE}

IE - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..\SearchScopes\{F16D66E7-4999-4304-AF09-94A4DAD67AAE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7MXGB_enUS510

IE - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wpi.edu/

IE - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\..\SearchScopes\{F16D66E7-4999-4304-AF09-94A4DAD67AAE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\system32\npdeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/03 12:35:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/13 08:41:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/13 08:23:16 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

CHR - Extension: YouTube = C:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: ChromeUpdateManager = C:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\

CHR - Extension: Google Search = C:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Gmail = C:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/01 15:42:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120613091231.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120613091231.dll (McAfee, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Apoint] T.EXE File not found

O4:64bit: - HKLM..\Run: [dshat] rundll32.exe "C:\Users\rworsman89\AppData\Roaming\dshat.dll",TextureKey File not found

O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found

O4:64bit: - HKLM..\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found

O4:64bit: - HKLM..\Run: [nwiz] STALLQUIET File not found

O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [synTPEnh] H.EXE File not found

O4:64bit: - HKLM..\Run: [uinca] "C:\Windows\System32\rundll32.exe" "C:\Users\rworsman89\AppData\Roaming\uinca.dll",SimpleParseStringFlags File not found

O4:64bit: - HKLM..\Run: [wiefi] "C:\Windows\System32\rundll32.exe" "C:\Users\rworsman89\AppData\Roaming\wiefi.dll",Iter_Next File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359..\Run: [Akamai NetSession Interface] C:\Users\rworsman89\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-2099159730-725536037-1439141394-1007..\Run: [Microsoft] rundll32 "C:\Users\rworsman89\AppData\Local\Temp\Microsoft\jzobd.dll",h264OutVideoInitW File not found

O4 - Startup: C:\Users\rworsman89\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\rworsman89\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1

O7 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1

O7 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2099159730-725536037-1439141394-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O13 - gopher Prefix: missing

O15:64bit: - ..Trusted Domains: wpi.edu ([*.sharepoint] https in Local intranet)

O15:64bit: - ..Trusted Domains: wpi.edu ([admin] file in Local intranet)

O15:64bit: - ..Trusted Domains: wpi.edu ([digitool] http in Trusted sites)

O15:64bit: - ..Trusted Domains: wpi.edu ([imc1] file in Local intranet)

O15:64bit: - ..Trusted Domains: wpi.edu ([libguides] http in Trusted sites)

O15:64bit: - ..Trusted Domains: wpi.edu ([my] http in Trusted sites)

O15:64bit: - ..Trusted Domains: wpi.edu ([my] https in Trusted sites)

O15:64bit: - ..Trusted Domains: wpi.edu ([tsweb] https in Local intranet)

O15 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..Trusted Domains: wpi.edu ([*.sharepoint] https in Local intranet)

O15 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..Trusted Domains: wpi.edu ([admin] file in Local intranet)

O15 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..Trusted Domains: wpi.edu ([digitool] http in Trusted sites)

O15 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..Trusted Domains: wpi.edu ([imc1] file in Local intranet)

O15 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..Trusted Domains: wpi.edu ([libguides] http in Trusted sites)

O15 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..Trusted Domains: wpi.edu ([my] http in Trusted sites)

O15 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..Trusted Domains: wpi.edu ([my] https in Trusted sites)

O15 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..Trusted Domains: wpi.edu ([mysite] https in Local intranet)

O15 - HKU\S-1-5-21-1029987154-1330733110-326569147-72359\..Trusted Domains: wpi.edu ([sharepoint] https in Local intranet)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com/lib/anysite/support/plugins/ebraryRdr.cab (Infotl Control)

O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.1.cab (AlternaTIFF ActiveX)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.7.2)

O16 - DPF: {D0659405-AD2E-4195-B67E-8B3AC42D763E} https://qbo.intuit.com/c5/v42.146/qboax11.cab (QuickBooks Online Edition Utilities Class v11)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 156.154.119.11 156.154.129.11 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = admin.wpi.edu

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B690CFFB-F4EA-42D8-A5D3-76FD86DC3001}: DhcpNameServer = 156.154.119.11 156.154.129.11 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFDD00D3-3CDC-4BFF-BBB5-7FF6AA2D6877}: DhcpNameServer = 130.215.32.18 130.215.39.18 130.215.5.18

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/11/27 15:42:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/01 20:29:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rworsman89\Desktop\OTL.exe

[2013/01/01 18:49:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/01 18:46:03 | 000,000,000 | ---D | C] -- C:\_OTM

[2013/01/01 18:43:43 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\rworsman89\Desktop\OTM.exe

[2013/01/01 15:45:26 | 000,000,000 | ---D | C] -- C:\windows\temp

[2013/01/01 15:30:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013/01/01 15:30:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013/01/01 15:30:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013/01/01 15:30:21 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/01 15:29:51 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013/01/01 15:29:29 | 005,017,261 | R--- | C] (Swearware) -- C:\Users\rworsman89\Desktop\ComboFix.exe

[2013/01/01 14:13:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/12/31 15:00:58 | 000,000,000 | ---D | C] -- C:\Users\rworsman89\AppData\Roaming\Autodesk Navisworks Freedom 2013

[2012/12/31 15:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk Navisworks Freedom 2013

[2012/12/31 14:20:17 | 000,000,000 | ---D | C] -- C:\Users\rworsman89\AppData\Roaming\Malwarebytes

[2012/12/31 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/12/31 14:20:09 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/12/31 14:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/12/31 14:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/12/31 14:19:14 | 000,000,000 | ---D | C] -- C:\Users\rworsman89\Desktop\rkill

[2012/12/31 13:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7 Defender

[2012/12/21 13:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/12/21 13:03:09 | 000,000,000 | ---D | C] -- C:\Users\rworsman89\AppData\Local\Programs

[2012/12/17 14:51:22 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/12/17 14:50:28 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll

[2012/12/17 14:50:28 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll

[2012/12/17 14:50:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll

[2012/12/17 14:50:27 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll

[2012/12/17 14:49:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll

[2012/12/17 14:49:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll

[2012/12/17 14:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/17 14:48:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/17 14:48:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/12/17 14:48:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/12/17 14:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/17 14:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/17 14:48:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/12/17 14:48:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/12/17 14:48:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/17 14:48:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/17 14:48:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/17 14:48:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/17 14:48:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/12/17 14:48:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/12/17 14:48:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/17 14:48:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/17 14:48:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/17 14:48:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/17 14:48:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/12/17 14:48:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/12/17 14:48:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/12/17 14:48:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/12/17 14:48:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/17 14:48:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/17 14:48:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/17 14:48:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/12/17 14:48:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/12/17 14:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/12/17 14:48:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/12/17 14:48:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/17 14:48:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/12/17 14:48:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/12/17 14:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/17 14:48:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/17 14:48:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/12/17 14:48:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/12/17 14:47:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/12/17 14:47:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/12/17 14:47:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/17 14:47:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/17 14:47:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/17 14:47:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/12/17 14:47:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/12/17 14:47:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/17 14:47:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/12/17 14:47:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/12/17 14:47:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/17 14:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/17 14:47:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/17 14:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/17 14:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/17 14:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/17 14:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/12/17 14:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/12/17 14:47:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/12/17 14:47:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/12/17 14:47:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe

[2012/12/17 14:47:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe

[2012/12/17 14:47:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll

[2012/12/17 14:47:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll

[2012/12/17 14:47:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll

[2012/12/17 14:47:50 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll

[2012/12/17 14:47:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe

[2012/12/17 14:47:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe

[2012/12/17 14:47:49 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll

[2012/12/17 14:47:48 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll

[2012/12/17 14:47:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll

[2012/12/17 14:47:24 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll

[2012/12/17 14:47:24 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll

[2012/12/17 14:46:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/12/17 14:46:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/12/17 14:45:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/12/17 14:45:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/12/17 14:45:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/12/17 14:45:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/12/17 14:45:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/12/17 14:45:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/12/17 14:45:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/12/17 14:45:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/12/17 14:45:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/12/17 14:45:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2012/12/17 14:45:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/12/17 14:45:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/12/17 14:45:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2012/12/11 17:04:23 | 000,000,000 | ---D | C] -- C:\Users\rworsman89\AppData\Local\Microsoft Help

[2012/12/08 12:41:47 | 000,000,000 | ---D | C] -- C:\found.000

[2012/12/06 09:18:05 | 000,000,000 | ---D | C] -- C:\windows\pss

[2012/12/05 08:59:25 | 000,191,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaws.exe

[2012/12/05 08:59:25 | 000,172,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaw.exe

[2012/12/05 08:59:25 | 000,172,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\java.exe

[2012/12/05 08:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2013/01/01 20:30:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rworsman89\Desktop\OTL.exe

[2013/01/01 20:12:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/01 19:40:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013/01/01 19:01:43 | 000,783,270 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/01/01 19:01:43 | 000,663,434 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/01/01 19:01:43 | 000,122,270 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/01/01 18:56:04 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/01 18:54:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/01/01 18:54:30 | 3003,465,728 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/01 18:53:54 | 000,019,328 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/01 18:53:54 | 000,019,328 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/01 18:50:37 | 000,551,997 | ---- | M] () -- C:\Users\rworsman89\Desktop\adwcleaner.exe

[2013/01/01 18:43:43 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\rworsman89\Desktop\OTM.exe

[2013/01/01 17:22:29 | 000,856,731 | ---- | M] () -- C:\Users\rworsman89\Desktop\SecurityCheck.exe

[2013/01/01 15:42:09 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2013/01/01 15:35:08 | 000,006,525 | ---- | M] () -- C:\Users\rworsman89\AppData\Local\129509f8-18c4-463d-a14d-379ddd69d2a4.crx

[2013/01/01 15:29:38 | 005,017,261 | R--- | M] (Swearware) -- C:\Users\rworsman89\Desktop\ComboFix.exe

[2013/01/01 13:30:25 | 000,002,192 | -H-- | M] () -- C:\Users\rworsman89\Documents\Default.rdp

[2013/01/01 11:24:37 | 000,001,023 | ---- | M] () -- C:\Users\rworsman89\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/01/01 11:24:32 | 000,001,001 | ---- | M] () -- C:\Users\rworsman89\Desktop\Dropbox.lnk

[2012/12/31 14:20:10 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/17 14:54:46 | 000,421,144 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/12/11 13:40:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012/12/11 13:40:26 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/12/10 12:47:22 | 000,043,649 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012/12/10 12:40:51 | 000,005,458 | RHS- | M] () -- C:\Users\rworsman89\ntuser.pol

[2012/12/05 08:59:18 | 000,191,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaws.exe

[2012/12/05 08:59:18 | 000,172,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaw.exe

[2012/12/05 08:59:18 | 000,172,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\java.exe

[2012/12/05 08:59:17 | 000,544,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\npdeployJava1.dll

[2012/12/05 08:59:17 | 000,525,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\deployJava1.dll

========== Files Created - No Company Name ==========

[2013/01/01 18:50:36 | 000,551,997 | ---- | C] () -- C:\Users\rworsman89\Desktop\adwcleaner.exe

[2013/01/01 17:22:26 | 000,856,731 | ---- | C] () -- C:\Users\rworsman89\Desktop\SecurityCheck.exe

[2013/01/01 15:30:50 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013/01/01 15:30:49 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013/01/01 15:30:49 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013/01/01 15:30:49 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013/01/01 15:30:49 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/12/31 14:20:10 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/31 13:20:54 | 000,006,525 | ---- | C] () -- C:\Users\rworsman89\AppData\Local\129509f8-18c4-463d-a14d-379ddd69d2a4.crx

[2012/12/07 09:40:02 | 143,754,240 | ---- | C] () -- C:\Users\rworsman89\Desktop\Work Email.pst

[2012/12/07 09:40:02 | 002,955,340 | ---- | C] () -- C:\Users\rworsman89\Desktop\03300-Pour Sequence CJ Plan - 7-25-12.pdf

[2012/10/29 16:53:56 | 000,007,597 | ---- | C] () -- C:\Users\rworsman89\AppData\Local\Resmon.ResmonCfg

[2012/10/04 10:23:32 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\bsreffs.dll

[2012/10/04 10:23:32 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\bsrlback.dll

[2012/10/04 10:23:31 | 000,692,224 | ---- | C] () -- C:\windows\SysWow64\bsrmgcv.dll

[2012/10/04 10:23:31 | 000,192,512 | ---- | C] () -- C:\windows\SysWow64\bsrmgps.dll

[2012/10/04 10:23:31 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\bsrgvas.dll

[2012/10/04 10:23:07 | 000,585,728 | ---- | C] () -- C:\windows\SysWow64\bsratswf.dll

[2012/10/04 10:23:07 | 000,147,456 | ---- | C] () -- C:\windows\SysWow64\bsratwmv.dll

[2012/10/03 12:33:19 | 000,005,458 | RHS- | C] () -- C:\Users\rworsman89\ntuser.pol

[2012/08/06 14:30:59 | 000,755,572 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin

[2012/08/06 14:30:57 | 000,559,972 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin

[2012/08/06 14:30:56 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012/08/06 14:30:55 | 013,026,816 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll

[2011/12/09 12:01:10 | 000,777,118 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/06/22 11:01:24 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll

[2011/06/22 11:01:24 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

[2011/06/22 10:50:18 | 000,000,160 | ---- | C] () -- C:\windows\ODBC.INI

[2011/06/22 10:50:17 | 000,000,242 | ---- | C] () -- C:\windows\ODBCINST.INI

[2011/06/21 12:34:18 | 000,043,649 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/05/06 11:25:39 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/05/06 11:25:37 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/03/26 00:16:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/06 09:14:21 | 000,000,000 | ---D | M] -- C:\Users\cccservice\AppData\Roaming\PwrMgr

[2012/05/02 10:52:05 | 000,000,000 | ---D | M] -- C:\Users\cccservice\AppData\Roaming\SoftGrid Client

[2011/12/15 11:41:08 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\SoftGrid Client

[2011/12/15 11:41:08 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\SoftGrid Client

[2012/10/03 07:33:14 | 000,000,000 | ---D | M] -- C:\Users\prr\AppData\Roaming\PwrMgr

[2011/12/15 11:41:08 | 000,000,000 | ---D | M] -- C:\Users\prr\AppData\Roaming\SoftGrid Client

[2012/12/31 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\rworsman89\AppData\Roaming\Autodesk

[2012/11/27 16:10:29 | 000,000,000 | ---D | M] -- C:\Users\rworsman89\AppData\Roaming\Autodesk Navisworks Exporters 2013

[2012/12/31 15:01:54 | 000,000,000 | ---D | M] -- C:\Users\rworsman89\AppData\Roaming\Autodesk Navisworks Freedom 2013

[2012/11/28 15:38:41 | 000,000,000 | ---D | M] -- C:\Users\rworsman89\AppData\Roaming\Autodesk Navisworks Manage 2013

[2013/01/01 18:57:29 | 000,000,000 | ---D | M] -- C:\Users\rworsman89\AppData\Roaming\Dropbox

[2012/10/14 16:05:15 | 000,000,000 | ---D | M] -- C:\Users\rworsman89\AppData\Roaming\Juniper Networks

[2012/10/03 12:36:26 | 000,000,000 | ---D | M] -- C:\Users\rworsman89\AppData\Roaming\PwrMgr

[2011/12/15 11:41:08 | 000,000,000 | ---D | M] -- C:\Users\rworsman89\AppData\Roaming\SoftGrid Client

[2011/12/15 11:41:08 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\SoftGrid Client

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

I had to use two posts due to length

OTL Extras logfile created on: 1/1/2013 8:31:29 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rworsman89\Desktop

64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.73 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 62.17% Memory free

7.46 Gb Paging File | 5.83 Gb Available in Paging File | 78.21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 297.89 Gb Total Space | 230.08 Gb Free Space | 77.24% Space Free | Partition Type: NTFS

Computer Name: CEE-NB25 | User Name: rworsman89 | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"DoNotAllowExceptions" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

"Enabled" = 1

"AllowUserPrefMerge" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

"%WINDIR%\System32\msra.exe" = %WINDIR%\System32\msra.exe -- (Microsoft Corporation)

"%WINDIR%\System32\raserver.exe" = %WINDIR%\System32\raserver.exe -- (Microsoft Corporation)

"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance – Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance – Windows Messenger and Voice

"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:130.215.0.0/16:Enabled:Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:130.215.0.0/16:Enabled:Offer Remote Assistance

"%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance" = %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"Enabled" = 1

"AllowUserPrefMerge" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]

"135:TCP:130.215.0.0/24:enabled:RemoteAssistance" = 135:TCP:130.215.0.0/24:enabled:RemoteAssistance

"135:TCP:130.215.0.0/16:Enabled:Offer Remote Assistance" = 135:TCP:130.215.0.0/16:Enabled:Offer Remote Assistance

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]

"AllowOutboundDestinationUnreachable" = 1

"AllowOutboundSourceQuench" = 1

"AllowRedirect" = 0

"AllowInboundEchoRequest" = 1

"AllowInboundRouterRequest" = 0

"AllowOutboundTimeExceeded" = 1

"AllowOutboundParameterProblem" = 1

"AllowInboundTimestampRequest" = 0

"AllowInboundMaskRequest" = 0

"AllowOutboundPacketTooBig" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]

"LogDroppedPackets" = 1

"LogSuccessfulConnections" = 1

"LogFilePath" = %systemroot%\firewall.log

"LogFileSize" = 20480

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"Enabled" = 1

"RemoteAddresses" = 130.215.33.0/24,130.215.34.0/24,130.215.24.0/21

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]

"Enabled" = 1

"RemoteAddresses" = 130.215.0.0/16

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]

"Enabled" = 1

"RemoteAddresses" = *

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]

"Enabled" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

"Enabled" = 1

"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

"%WINDIR%\System32\msra.exe" = %WINDIR%\System32\msra.exe -- (Microsoft Corporation)

"%WINDIR%\System32\raserver.exe" = %WINDIR%\System32\raserver.exe -- (Microsoft Corporation)

"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance – Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance – Windows Messenger and Voice

"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:130.215.0.0/16:Enabled:Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:130.215.0.0/16:Enabled:Offer Remote Assistance

"%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance" = %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"Enabled" = 1

"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]

"135:TCP:130.215.0.0/24:enabled:RemoteAssistance" = 135:TCP:130.215.0.0/24:enabled:RemoteAssistance

"135:TCP:130.215.0.0/16:Enabled:Offer Remote Assistance" = 135:TCP:130.215.0.0/16:Enabled:Offer Remote Assistance

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]

"AllowOutboundDestinationUnreachable" = 1

"AllowOutboundSourceQuench" = 1

"AllowRedirect" = 0

"AllowInboundEchoRequest" = 1

"AllowInboundRouterRequest" = 0

"AllowOutboundTimeExceeded" = 1

"AllowOutboundParameterProblem" = 1

"AllowInboundTimestampRequest" = 0

"AllowInboundMaskRequest" = 0

"AllowOutboundPacketTooBig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]

"LogDroppedPackets" = 1

"LogSuccessfulConnections" = 1

"LogFilePath" = %systemroot%\firewall.log

"LogFileSize" = 20480

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"Enabled" = 1

"RemoteAddresses" = 130.215.33.0/24,130.215.34.0/24,130.215.24.0/21

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]

"Enabled" = 1

"RemoteAddresses" = 130.215.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]

"Enabled" = 1

"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]

"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{73BDF463-E131-4C88-AC87-FF8A3404E3C5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{7FC9D1C0-DF3A-44A2-9E3B-95A2D271FB9E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9CB204F6-B27E-4922-B86C-A5164D64FE46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E3239A12-AD2B-49D9-84A6-59A769EC48A5}" = lport=49276 | protocol=6 | dir=in | name=akamai netsession interface |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{09CC5F92-F043-4D1D-B34D-3C8801714C4F}" = Autodesk Navisworks Manage 2013 - 2012 DWG File Reader

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86416037FF}" = Java 6 Update 37 (64-bit)

"{2831C6AC-3184-4AC4-95CE-CF69BDE3686A}" = Autodesk Navisworks Manage 2013 - 2008 DWG File Reader

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{53F40535-8350-49CF-B9FF-6045EA7A0007}" = Autodesk Navisworks Manage 2013 - 2009 DWG File Reader

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{7346B4A0-1300-0510-0409-705C0D862004}" = Revit 2013

"{7346B4A0-1300-0511-0409-705C0D862004}" = Revit 2013 Language Pack - English

"{7BAF0D12-35AD-4C7E-9A42-18F2E92D3000}" = Autodesk Navisworks Manage 2013 - 2011 DWG File Reader

"{83DA65A2-B384-47EB-ADB0-454DC8F26960}" = Autodesk Navisworks Manage 2013 - 2010 DWG File Reader

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{907A3175-B78E-0409-A98B-0A97BDE8A59C}" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins English Language Pack

"{9D991146-50D6-49C6-9F77-016DDA29A980}" = Autodesk Navisworks Manage 2013 - 2013 DWG File Reader

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 305.93

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 305.93

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 305.93

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.49

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CFB325F3-4F9D-0000-B3A3-D591AF2BBFE0}" = Autodesk Navisworks Manage 2013

"{CFB325F3-4F9D-0409-B3A3-D591AF2BBFE0}" = Autodesk Navisworks Manage 2013 English Language Pack

"{DE7FFE23-D092-5379-B83C-0E27FF07E329}" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins

"{E4320C84-D80B-0000-9AEB-2DA707F4236E}" = Autodesk Navisworks Freedom 2013

"{E4320C84-D80B-0409-9AEB-2DA707F4236E}" = Autodesk Navisworks Freedom 2013 English Language Pack

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Autodesk Navisworks 2013 64 bit Exporter Plug-ins" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins

"Autodesk Navisworks 2013 64 bit Exporter Plug-ins English Language Pack" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins English Language Pack

"Autodesk Navisworks Freedom 2013" = Autodesk Navisworks Freedom 2013

"Autodesk Navisworks Freedom 2013 English Language Pack" = Autodesk Navisworks Freedom 2013 English Language Pack

"Autodesk Navisworks Manage 2013" = Autodesk Navisworks Manage 2013

"Autodesk Navisworks Manage 2013 English Language Pack" = Autodesk Navisworks Manage 2013 English Language Pack

"Autodesk Revit 2013" = Autodesk Revit 2013

"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"OnScreenDisplay" = On Screen Display

"Power Management Driver" = Lenovo Power Management Driver

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729

"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013

"{12867B14-03B1-5FEA-B987-9508DBB92A51}" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins

"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729

"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013

"{1611A5CF-50B8-4669-98BF-087A28A8CB49}" = Microsoft Conferencing Add-in for Microsoft Office Outlook

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Previous Versions Client

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver

"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update

"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java 6 Update 37

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent

"{342C9BB8-65A0-46DE-AB7A-8031E151AF69}" = Microsoft Application Virtualization Desktop Client

"{49222832-2DD4-4C35-8E80-DE37359AD032}" = Oracle 11G Instant Client

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729

"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013

"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{6DA2B636-698A-3294-BF4A-B5E11B238CDD}" = Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729

"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8754105B-2BEF-0409-83F9-573C69BB204F}" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins English Language Pack

"{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}" = Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E1E75B27-F1F7-46F6-8760-B51026801165}" =

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPRO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010

"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{0B58CA00-AB7E-42F4-A564-0B7E12DD0F98}" =

"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010

"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010

"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)

"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{FFE737B3-C8B9-43B7-9F8A-7EEB9DE06472}" =

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010

"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}" = FARO LS 1.1.408.2

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.18

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro

"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729

"{BD8F171C-9EEC-4E19-BEB2-E7BD31F11AE8}" = DG2002

"{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}" = Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729

"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise

"{D35A8247-0E94-4DE5-BC97-804B449A7122}" = Microsoft Office Live Meeting 2007

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager

"{E569E45F-7BA6-4C7F-B6BA-3FFCBE92FC22}" = Microsoft Application Virtualization Desktop Client

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}" = Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Autodesk Design Review 2013" = Autodesk Design Review 2013

"Autodesk Navisworks 2013 32 bit Exporter Plug-ins" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins

"Autodesk Navisworks 2013 32 bit Exporter Plug-ins English Language Pack" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins English Language Pack

"BSRScreenRecorder5" = BSR Screen Recorder 6

"EverFE2.25_is1" = EverFE version 2.25

"FARO LS_is1" = FARO LS 4.8.2.25521

"Google Chrome" = Google Chrome

"Juniper Network Connect 7.2.0" = Juniper Networks Network Connect 7.2.0

"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.PRJPRO" = Microsoft Project Professional 2010

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Office14.VISIO" = Microsoft Visio Premium 2010

"PuTTY_is1" = PuTTY version 0.62

"ReadPlease 2003_is1" = ReadPlease 2003/ReadPlease PLUS 2003

"RealPlayer 15.0" = RealPlayer

"winscp3_is1" = WinSCP 4.3.7

"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1029987154-1330733110-326569147-72359\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Dropbox" = Dropbox

"GoToMeeting" = GoToMeeting 5.1.0.880

"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/15/2012 10:05:27 AM | Computer Name = cee-nb25.admin.wpi.edu | Source = WinMgmt | ID = 10

Description =

Error - 11/15/2012 5:30:00 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = Application Error | ID = 1000

Description = Faulting application name: Revit.exe, version: 2013.0.2012.221, time

stamp: 0x4f445896 Faulting module name: og1100asu.dll, version: 10.0.0.0, time stamp:

0x4dfa3413 Exception code: 0xc0000005 Fault offset: 0x00000000000a2467 Faulting process

id: 0xd94 Faulting application start time: 0x01cdc3782d355532 Faulting application

path: C:\PROGRA~1\Autodesk\REVIT2~1\Program\Revit.exe Faulting module path: C:\PROGRA~1\Autodesk\REVIT2~1\Program\og1100asu.dll

Report

Id: 9b6b7c9e-2f6b-11e2-85b9-3c970e342843

Error - 11/15/2012 5:30:55 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = Application Error | ID = 1000

Description = Faulting application name: Revit.exe, version: 2013.0.2012.221, time

stamp: 0x4f445896 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17932,

time stamp: 0x503285c2 Exception code: 0xe0434352 Fault offset: 0x000000000000caed

Faulting

process id: 0xb7c Faulting application start time: 0x01cdc378660162bc Faulting application

path: C:\PROGRA~1\Autodesk\REVIT2~1\Program\Revit.exe Faulting module path: C:\windows\system32\KERNELBASE.dll

Report

Id: bc995a4c-2f6b-11e2-85b9-3c970e342843

Error - 11/15/2012 9:58:53 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = WinMgmt | ID = 10

Description =

Error - 11/16/2012 10:39:23 AM | Computer Name = cee-nb25.admin.wpi.edu | Source = WinMgmt | ID = 10

Description =

Error - 11/17/2012 9:12:15 AM | Computer Name = cee-nb25.admin.wpi.edu | Source = WinMgmt | ID = 10

Description =

Error - 11/18/2012 9:03:22 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = WinMgmt | ID = 10

Description =

Error - 11/19/2012 11:14:05 AM | Computer Name = cee-nb25.admin.wpi.edu | Source = WinMgmt | ID = 10

Description =

Error - 11/19/2012 6:57:54 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = WinMgmt | ID = 10

Description =

Error - 11/20/2012 12:15:56 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = WinMgmt | ID = 10

Description =

[ Media Center Events ]

Error - 10/29/2012 7:54:25 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = MCUpdate | ID = 0

Description = 7:54:23 PM - Error connecting to the internet. 7:54:23 PM - Unable

to contact server..

[ System Events ]

Error - 12/7/2012 9:28:24 AM | Computer Name = cee-nb25.admin.wpi.edu | Source = Microsoft-Windows-GroupPolicy | ID = 1055

Description = The processing of Group Policy failed. Windows could not resolve the

computer name. This could be caused by one of more of the following: a) Name Resolution

failure on the current domain controller. b) Active Directory Replication Latency

(an account created on another domain controller has not replicated to the current

domain controller).

Error - 12/7/2012 1:57:32 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain ADMIN due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 12/7/2012 2:29:12 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume Windows.

Error - 12/7/2012 2:29:12 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume Windows.

Error - 12/7/2012 2:29:12 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume Windows.

Error - 12/8/2012 1:43:44 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = hpdskflt | ID = 263145

Description =

Error - 12/8/2012 1:44:06 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain ADMIN due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 12/8/2012 1:44:08 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = Microsoft-Windows-GroupPolicy | ID = 1055

Description = The processing of Group Policy failed. Windows could not resolve the

computer name. This could be caused by one of more of the following: a) Name Resolution

failure on the current domain controller. b) Active Directory Replication Latency

(an account created on another domain controller has not replicated to the current

domain controller).

Error - 12/8/2012 1:46:49 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = BROWSER | ID = 8032

Description =

Error - 12/9/2012 1:43:22 PM | Computer Name = cee-nb25.admin.wpi.edu | Source = hpdskflt | ID = 263145

Description =

< End of report >

Link to post
Share on other sites

Re-Run otlDesktopIcon.png by double left click, Vista and Widows 7 users accept UAC alert.

  • Under the customFix.png box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] T.EXE File not found
    O4:64bit: - HKLM..\Run: [dshat] rundll32.exe "C:\Users\rworsman89\AppData\Roaming\dshat.dll",TextureKey File not found
    O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
    O4:64bit: - HKLM..\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
    O4:64bit: - HKLM..\Run: [nwiz] STALLQUIET File not found
    O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
    O4:64bit: - HKLM..\Run: [synTPEnh] H.EXE File not found
    O4:64bit: - HKLM..\Run: [uinca] "C:\Windows\System32\rundll32.exe" "C:\Users\rworsman89\AppData\Roaming\uinca.dll",SimpleParseStringFlags File not found
    O4:64bit: - HKLM..\Run: [wiefi] "C:\Windows\System32\rundll32.exe" "C:\Users\rworsman89\AppData\Roaming\wiefi.dll",Iter_Next File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-2099159730-725536037-1439141394-1007..\Run: [Microsoft] rundll32 "C:\Users\rworsman89\AppData\Local\Temp\Microsoft\jzobd.dll",h264OutVideoInitW File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    :Files
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7 Defender
    C:\Users\rworsman89\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]

  • Then click runFixbutton.png button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Post that log. give update on remaining issues/concerns...

Link to post
Share on other sites

Kevin,

I have run the OTL scan and here is the resultant output.

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Apoint deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dshat deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IgfxTray deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SynTPEnh deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uinca deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wiefi deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2099159730-725536037-1439141394-1007\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

File ptytemp] not found.

File EATERESTOREPOINT] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01022013_064017

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

OK, good to hear rundll errors have ceased. It is possible to retrieve a Shadow Copy of the file you have lost, I can not guarantee this but is worth a try.. I have no formal instructions for this but i`m sure you`ll be able to work it out..

Go here http://www.shadowexplorer.com/ d/l and install "Shadow Explorer" with that will allow you to browse the Shadow Copies created by the Windows Vista/7 Volume Shadow Copy Service.

There is no guarantee that there will be a copy available but is well worth a try... When you run the program it will open and look just like your own system. Initiall expand C:\ then navigate as you normally would to the missing file. That file should be available in the righthand pane. Right click on the file (if found) and choose Export follow the prompts and export the file to anywhere you wish, maybe the desktop? When done close out Shadow Explorer, then see if the Shadow copy file will open..

Have a look at the link I gave for the d/l, read the instructions, see if you can follow what is required. Let me know if that helps...

Link to post
Share on other sites

Ok do the following:

Remove Combofix now that we're done with it

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    CF_Uninstall-1.jpg
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Next,

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

Next,

Remove ESET online scanner (Only If installed):

  • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESETonline Scanner, only re-boot if prompted.

Next,

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click OTC_Icon.jpg icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big CleanUp.jpg button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop can be deleted.

Next,

Your Java javaicon.gif maybe out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

Next,

Download tfc_icon.png TFC to your desktop, from either of the following links

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

Keep TFC it is an excellent, run weekly utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted

Let me know if those steps complete, also if any remaining issues or concerns...

Kevin...

Link to post
Share on other sites

No need to Uninstall, just delete it, also any logs that were created... If no more problems here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained here http://www.winpatrol.com/features.html

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

FireFox http://www.mozilla.com/en-US/,

Opera http://www.opera.com/, and

Chrome http://www.google.com/chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,

Yellow for caution, and

Red to stop.

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

Here a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

If no remaining issues is it ok to close out your thread...

Take care,

Kevin

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.