Playtopus .dll error


Hi,

I am getting the same error as reported in: http://forums.malwarebytes.org/index.php?showtopic=122457
I had seen that it was resolved via OTL with a custom fix.

I ran the quick scan with "scan all users" checked and attached the output files.

What would be the custom fix that I can paste in?

Greatly appreciate the help and time,

-Aaron

OTL.Txt

Extras.Txt

OTL logfile created on: 7/22/2013 1:17:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lily.cardenas\Downloads
 Enterprise Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.16 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 46.20% Memory free
6.33 Gb Paging File | 4.38 Gb Available in Paging File | 69.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 168.12 Gb Free Space | 72.22% Space Free | Partition Type: NTFS
 
Computer Name: QMLT-LCARDENAS1 | User Name: lily.cardenas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/22 13:16:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lily.cardenas\Downloads\OTL.exe
PRC - [2013/07/22 13:15:14 | 002,570,592 | ---- | M] (LogMeIn, Inc.) -- C:\Users\lily.cardenas\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\lmi_rescue.exe
PRC - [2013/06/03 14:10:02 | 000,408,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\PTIM.exe
PRC - [2013/06/03 14:10:02 | 000,097,808 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
PRC - [2013/03/08 18:28:59 | 000,143,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
PRC - [2013/03/08 18:28:56 | 001,785,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
PRC - [2012/10/04 09:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/04 18:04:54 | 000,031,664 | ---- | M] (Stronghold Online Backup) -- C:\Users\lily.cardenas\AppData\Local\Strongvault Online Backup\SMessaging.exe
PRC - [2012/03/29 07:57:14 | 000,498,960 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/03/29 07:57:10 | 000,107,792 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2012/03/29 07:57:02 | 003,421,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2012/02/26 09:42:28 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe
PRC - [2012/02/20 04:00:00 | 000,981,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\CcmExec.exe
PRC - [2012/02/20 04:00:00 | 000,636,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\SCNotification.exe
PRC - [2012/02/20 04:00:00 | 000,442,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\RemCtrl\CmRcService.exe
PRC - [2012/02/17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2011/12/16 02:36:20 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\InterSystems\Ensemble\httpd\bin\httpd.exe
PRC - [2011/12/15 23:49:56 | 000,014,848 | ---- | M] (InterSystems) -- c:\InterSystems\Ensemble\bin\ctrmd.exe
PRC - [2011/12/15 23:49:06 | 001,032,192 | ---- | M] (InterSystems) -- C:\InterSystems\Ensemble\bin\csystray.exe
PRC - [2011/12/15 23:48:44 | 000,021,504 | ---- | M] (InterSystems) -- c:\InterSystems\Ensemble\bin\cservice.exe
PRC - [2011/12/15 23:22:14 | 003,764,224 | ---- | M] (InterSystems) -- c:\InterSystems\Ensemble\bin\cache.exe
PRC - [2011/12/15 23:22:14 | 000,054,784 | ---- | M] (InterSystems) -- c:\InterSystems\Ensemble\bin\clmanager.exe
PRC - [2011/09/21 18:43:26 | 007,632,288 | ---- | M] (Autonomy Corporation plc) -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
PRC - [2011/09/21 18:43:18 | 000,287,744 | ---- | M] (Autonomy Corporation plc) -- C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
PRC - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/07/20 14:09:46 | 000,505,720 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2011/05/11 00:15:08 | 000,826,272 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2011/05/11 00:15:08 | 000,031,648 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2011/04/13 10:41:22 | 000,057,680 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 04:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/09/27 13:00:18 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
PRC - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/09/15 11:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/08/13 17:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\System32\SDIOAssist.exe
PRC - [2010/07/07 12:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 13:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\lily.cardenas\AppData\Local\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\lily.cardenas\AppData\Local\Citrix\ICA Client\concentr.exe
PRC - [2010/02/10 17:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2009/11/01 20:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/05/12 12:40:38 | 004,167,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2004/02/11 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/28 16:07:55 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013/05/28 13:26:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/28 11:19:36 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2743fdfcb695f6e9b1c3c4a7759ff4e8\Microsoft.VisualBasic.ni.dll
MOD - [2013/05/28 08:31:37 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013/05/28 08:31:26 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/05/28 08:31:24 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/28 08:31:21 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/28 08:31:16 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/05/28 08:31:15 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/04/01 17:37:21 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/04/01 17:36:51 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/04/01 17:36:36 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/04/01 17:36:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/04/01 17:36:22 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/02/25 12:50:28 | 000,900,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCNotification\1e375a2507addff9ac938576f181a205\SCNotification.ni.exe
MOD - [2013/02/25 12:50:27 | 000,479,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\6ad0aefb08792c7634ed86bc851a372e\SCClient.Data.ni.dll
MOD - [2013/01/28 11:56:59 | 000,436,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\1ff44e5f84603f7a536531a6ab165469\SCClient.Common.ni.dll
MOD - [2013/01/28 11:56:57 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013/01/28 11:56:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/28 11:56:21 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/28 11:19:57 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/28 11:19:53 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/28 11:19:51 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/28 11:19:47 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/10/10 05:32:16 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/27 13:03:08 | 000,201,512 | ---- | M] () -- C:\Windows\System32\vpnapi.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/28 02:55:42 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2005/09/21 04:57:56 | 004,325,376 | ---- | M] () -- C:\Program Files\Cisco Systems\VPN Client\qt-mt335.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/08 18:29:00 | 000,288,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\snac.exe -- (SNAC)
SRV - [2013/03/08 18:28:59 | 000,143,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2013/03/08 18:28:56 | 001,785,792 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe -- (SmcService)
SRV - [2013/02/07 16:02:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 05:32:20 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/29 07:57:36 | 002,324,752 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012/03/29 07:57:24 | 000,241,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012/03/29 07:57:14 | 000,498,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/03/29 07:57:10 | 000,107,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012/02/26 09:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2012/02/20 04:00:00 | 000,981,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2012/02/20 04:00:00 | 000,442,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2012/02/20 04:00:00 | 000,251,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2011/12/16 02:36:20 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Running] -- C:\InterSystems\Ensemble\httpd\bin\httpd.exe -- (ENSEMBLEhttpd)
SRV - [2011/12/16 00:25:52 | 000,121,344 | ---- | M] (InterSystems) [On_Demand | Stopped] -- C:\Program Files\Common Files\InterSystems\Agent\ISCAgent.exe -- (ISCAgent)
SRV - [2011/12/15 23:48:44 | 000,021,504 | ---- | M] (InterSystems) [Auto | Running] -- c:\InterSystems\Ensemble\bin\cservice.exe -- (Cache_c-_intersystems_ensemble)
SRV - [2011/12/06 17:20:20 | 000,048,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV - [2011/12/06 17:20:20 | 000,048,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV - [2011/09/21 18:43:26 | 007,632,288 | ---- | M] (Autonomy Corporation plc) [Auto | Running] -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/11 00:15:08 | 000,826,272 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2011/05/11 00:15:08 | 000,031,648 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/02/10 17:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (O2SDIOAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2013/05/31 12:00:17 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130620.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/22 13:34:51 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130722.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 13:34:51 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130722.003\NAVENG.SYS -- (NAVENG)
DRV - [2013/03/09 10:23:14 | 000,111,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2013/03/08 18:31:11 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/03/08 18:29:04 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2013/03/08 18:29:04 | 000,585,888 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\srtsp.sys -- (SRTSP)
DRV - [2013/03/08 18:29:04 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys -- (SymDS)
DRV - [2013/03/08 18:29:04 | 000,338,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\symnets.sys -- (SYMNETS)
DRV - [2013/03/08 18:29:04 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2013/03/08 18:29:04 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2013/03/08 18:29:01 | 000,075,528 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
DRV - [2013/03/08 18:28:57 | 000,028,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)
DRV - [2013/03/08 17:28:02 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130719.012\IDSvix86.sys -- (IDSVix86)
DRV - [2013/02/06 20:23:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/02/06 20:23:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/25 01:36:02 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys -- (ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A})
DRV - [2012/08/10 22:43:26 | 000,358,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2012/03/12 14:03:44 | 010,339,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Netwsn00.sys -- (NETwNs32)
DRV - [2012/02/20 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2011/09/21 18:43:26 | 000,045,384 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2011/07/22 12:28:26 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV - [2011/07/15 21:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2011/05/26 09:50:30 | 000,305,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/05/10 14:05:48 | 000,033,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2011/03/23 13:50:58 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR)
DRV - [2011/01/04 13:44:06 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/07/21 13:13:40 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.google.com/
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 92 00 86 B0 D8 CD 01  [binary data]
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\URLSearchHook: {9e6103de-c946-4f90-b408-16dbb96585ac} - No CLSID value found
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.yd.delta-search.com/?q={searchTerms}&affID=119351&tt=030213_yd&babsrc=SP_ss&mntrId=8809dc7e0000000000008c705a5c0d61
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes\{232356F8-74D0-423D-B76B-C2B304ECDECE}: "URL" = http://search.us.com/serp/1/?guid={1CD044F6-E36A-4AB4-B8A0-1BC95D9E6486}&action=default_search&k={searchTerms}
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid=&mid=&lang=&ds=&pr=&d=&v=&pid=AVG&sg=&sap=hp"
FF - prefs.js..extensions.enabledAddons: links%40playtopus.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lily.cardenas\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFFPlgn\ [2013/03/09 10:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 16:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/02/04 11:09:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
 
[2013/03/29 13:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lily.cardenas\AppData\Roaming\mozilla\Extensions
[2013/07/18 15:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lily.cardenas\AppData\Roaming\mozilla\Firefox\Profiles\3y7o8ojz.default\Extensions
[2013/07/18 15:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\LILY.CARDENAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Y7O8OJZ.DEFAULT\EXTENSIONS\LINKS@PLAYTOPUS.COM
[2013/02/07 16:02:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/16 15:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/16 15:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Fast Free Converter 3.0) - {DDA5D4B3-468F-4D62-9092-75142C6169B1} - C:\PROGRA~1\FASTFR~1\FASTFR~1\FASTFR~1.DLL File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\Toolbar\WebBrowser: (no name) - {848AB00E-7679-432F-A9FC-831A79E6B28B} - No CLSID value found.
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Autonomy Corporation plc)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [sMessaging] C:\Users\lily.cardenas\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\Run: [COMMUNICATOR] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\Run: [ConnectionCenter] C:\Users\lily.cardenas\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe (Cisco WebEx LLC)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\Run: [searchProtect] C:\Users\lily.cardenas\AppData\Roaming\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\RunOnce: [*LogMeInRescue_1458014931] C:\Users\lily.cardenas\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\lmi_rescue.exe (LogMeIn, Inc.)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\RunOnce: [722_12393101231] C:\Users\lily.cardenas\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: qmdc-ev1-srv ([]* in Local intranet)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: quadramed.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: quadramed.com ([ev1] * in Local intranet)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: quadramed.com ([qmdc-ev1-srv] * in Local intranet)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: quadramed.com ([qmvm-sccm] http in Trusted sites)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: sacred-heart.org ([shremote] https in Trusted sites)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = quadramed.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A31D66C-96C2-4E8F-8FD6-1C3C9ACC5B29}: Domain = quadramed.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A31D66C-96C2-4E8F-8FD6-1C3C9ACC5B29}: NameServer = 192.168.210.31,192.168.210.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{518B65C7-716B-48A1-91A3-6A43AF29C8B9}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll) -  File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0720eda5-6a26-11e2-b369-d4bed93b54bc}\Shell - "" = AutoRun
O33 - MountPoints2\{0720eda5-6a26-11e2-b369-d4bed93b54bc}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{24cd6ed6-efb8-11e2-b23a-d4bed93b54bc}\Shell - "" = AutoRun
O33 - MountPoints2\{24cd6ed6-efb8-11e2-b23a-d4bed93b54bc}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{5fac7487-e24e-11e2-a5e3-d4bed93b54bc}\Shell - "" = AutoRun
O33 - MountPoints2\{5fac7487-e24e-11e2-a5e3-d4bed93b54bc}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/19 15:48:42 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\AppData\Roaming\Barracuda
[2013/07/19 15:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barracuda
[2013/07/19 15:48:38 | 000,038,352 | ---- | C] (Barracuda Networks) -- C:\Windows\System32\drivers\bmrtswissarmy.sys
[2013/07/19 15:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Barracuda
[2013/07/19 15:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Barracuda
[2013/07/15 21:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2013/07/15 20:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 6
[2013/07/15 20:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2013/07/15 20:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2013/07/15 20:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
[2013/07/15 20:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/07/15 20:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Solid Colors
[2013/07/15 20:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
[2013/07/15 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2013/07/15 20:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2013/07/15 20:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Specifications
[2013/07/15 20:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sci-Fi
[2013/07/15 20:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2013/07/15 20:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2013/07/15 20:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Applause and Laugher
[2013/07/15 20:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
[2013/07/09 13:37:59 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\Desktop\phone
[2013/06/27 20:20:11 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\Desktop\settingupreports
[2013/06/27 11:59:56 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\Desktop\dll error reports
[2013/06/27 10:26:33 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\Desktop\pics
[2013/06/25 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\AppData\Roaming\1O1L1I1PtF1F1C1N
[2013/06/25 11:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[1 C:\Users\lily.cardenas\*.tmp files -> C:\Users\lily.cardenas\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/22 12:45:14 | 000,011,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 12:45:14 | 000,011,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 12:41:44 | 000,007,999 | ---- | M] () -- C:\Windows\UEDIT32.INI
[2013/07/22 12:40:24 | 000,000,566 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2013/07/22 12:38:16 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/07/22 12:37:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/22 12:37:29 | 2548,772,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 12:23:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13972982-349782009-317593308-49125UA.job
[2013/07/22 12:03:03 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Playtopus Updater.job
[2013/07/21 15:21:18 | 000,002,044 | -H-- | M] () -- C:\Users\lily.cardenas\Documents\Default.rdp
[2013/07/18 15:26:23 | 000,000,000 | ---- | M] () -- C:\end
[2013/07/18 11:54:01 | 000,664,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/18 11:54:01 | 000,122,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/17 21:23:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13972982-349782009-317593308-49125Core.job
[2013/07/15 20:59:11 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Panorama Maker 6.lnk
[2013/07/15 20:54:48 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Scripts Menu
[2013/07/15 20:54:48 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2013/07/15 20:54:22 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2013/07/15 20:54:05 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Services
[2013/07/15 20:54:05 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013/07/15 20:54:04 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Screen Savers
[2013/07/15 20:54:04 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013/07/15 20:53:35 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLeo.DAT
[2013/07/15 20:52:27 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Sports
[2013/07/10 15:02:32 | 000,293,193 | ---- | M] () -- C:\Users\lily.cardenas\Desktop\zillman.zip
[2013/07/05 15:36:43 | 000,362,035 | ---- | M] () -- C:\Users\lily.cardenas\Desktop\Reports.zip
[2013/07/02 14:36:38 | 000,102,843 | ---- | M] () -- C:\Users\lily.cardenas\Desktop\SmartIX_v2010_1.pdf
[2013/07/01 18:38:06 | 1150,279,680 | ---- | M] () -- C:\Users\lily.cardenas\Desktop\Bogus_tables.mdb
[1 C:\Users\lily.cardenas\*.tmp files -> C:\Users\lily.cardenas\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/15 20:59:10 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 6.lnk
[2013/07/15 20:54:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Scripts Menu
[2013/07/15 20:54:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013/07/15 20:54:21 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2013/07/15 20:54:05 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Services
[2013/07/15 20:54:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013/07/15 20:54:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Savers
[2013/07/15 20:54:04 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013/07/15 20:52:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sports
[2013/07/15 20:52:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2013/07/10 15:02:32 | 000,293,193 | ---- | C] () -- C:\Users\lily.cardenas\Desktop\zillman.zip
[2013/07/05 15:36:43 | 000,362,035 | ---- | C] () -- C:\Users\lily.cardenas\Desktop\Reports.zip
[2013/07/02 14:36:38 | 000,102,843 | ---- | C] () -- C:\Users\lily.cardenas\Desktop\SmartIX_v2010_1.pdf
[2013/04/01 11:35:17 | 000,004,096 | -H-- | C] () -- C:\Users\lily.cardenas\AppData\Local\keyfile3.drm
[2013/03/24 11:36:21 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/03/24 11:36:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/03/11 09:47:07 | 002,371,584 | ---- | C] () -- C:\Users\lily.cardenas\NTUSER$SAVED
[2013/03/04 16:30:51 | 000,000,467 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/01/23 16:04:34 | 000,597,104 | ---- | C] () -- C:\Windows\System32\RssHookDLL.dll
[2013/01/22 16:48:54 | 000,007,999 | ---- | C] () -- C:\Windows\UEDIT32.INI
[2013/01/22 16:24:47 | 000,088,688 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2013/01/15 13:44:58 | 000,002,138 | RHS- | C] () -- C:\Users\lily.cardenas\ntuser.pol
[2012/12/11 16:08:52 | 000,017,850 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/12/11 14:22:57 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2012/12/11 14:21:44 | 000,000,566 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2012/12/11 12:15:30 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2012/12/11 12:15:21 | 000,205,192 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2012/12/11 12:15:20 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2012/12/11 12:05:18 | 000,032,256 | ---- | C] () -- C:\Windows\System32\instsrv.exe
[2012/12/11 12:05:18 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012/10/10 05:32:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012/10/10 05:32:16 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012/10/10 05:32:16 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/10/10 05:32:12 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012/10/10 05:32:10 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/10/10 05:32:08 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = \\?\globalroot\Device\HarddiskVolume2\Users\LILY~1.CAR\AppData\Local\Temp\sbjbnfq\swvrfxx\wow.dll
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/12/20 17:16:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Webex
[2012/12/20 17:16:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Webex
[2012/12/11 13:20:45 | 000,000,000 | ---D | M] -- C:\Users\image_user\AppData\Roaming\Webex
[2012/12/20 17:16:20 | 000,000,000 | ---D | M] -- C:\Users\lc_admin\AppData\Roaming\Webex
[2013/06/25 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\1O1L1I1PtF1F1C1N
[2013/02/04 11:09:36 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\Babylon
[2013/07/19 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\Barracuda
[2013/01/24 13:52:34 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\Canon
[2013/02/04 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\CRDeltaTB
[2013/02/06 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\DameWare Development
[2013/05/08 10:38:57 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\Downloaded Installations
[2013/03/26 11:00:16 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\DWRCC
[2013/04/01 13:43:05 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\FreeFileViewer
[2013/02/04 12:12:09 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\HoolappForAndroid
[2013/05/22 11:47:32 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\ICAClient
[2013/05/06 20:07:42 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\IDM
[2013/02/04 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\Strongvault
[2013/01/17 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\TeamViewer
[2013/07/09 16:32:35 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\Webex
[2012/12/20 17:16:20 | 000,000,000 | ---D | M] -- C:\Users\thomas.stone\AppData\Roaming\Webex
 
========== Purity Check ==========
 
 

< End of report >
 

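A triage pass over the log above, as an added example that is not part of the original post and not OTL's own code. The sample input is a handful of lines copied from the OTL.Txt and Extras.Txt posted in this thread; the rule set (which items count as findings) is my own assumption about what a helper reads first: a per-user CLSID InProcServer32 default value that points through \\?\globalroot into a Temp directory (the entry OTL's "ZeroAccess Check" section surfaces here), UAC policy values set to 0, a Run value whose target no longer exists, AutoRun commands registered for removable media, Security Center monitoring switched off, and a Group Policy firewall setting of 0, which overrides the local EnableFirewall = 1 under SharedAccess that the Extras log also shows.

```python
"""Triage helper for OTL logs: flags the lines a responder should read first.

Added example for this thread; not OTL code and not from the original poster.
The rule set is an assumption about what matters, drawn from the log above.
"""
import re

# Sample input constructed from lines copied out of the OTL.Txt / Extras.Txt above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\Run: [searchProtect] C:\Users\lily.cardenas\AppData\Roaming\SearchProtect\bin\cltmng.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O33 - MountPoints2\{0720eda5-6a26-11e2-b369-d4bed93b54bc}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = \\?\globalroot\Device\HarddiskVolume2\Users\LILY~1.CAR\AppData\Local\Temp\sbjbnfq\swvrfxx\wow.dll
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
"""

# UAC policy values (OTL "O6" lines) that remove the elevation prompt entirely.
UAC_WEAK = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}
# A COM server reached through the object-manager namespace, or sitting in a
# user-writable directory, is not where a system CLSID's InProcServer32 should point.
GLOBALROOT = re.compile(r"^\\\\\?\\globalroot\\", re.I)
USER_WRITABLE = re.compile(r"\\(?:Temp|AppData|ProgramData)\\", re.I)
# OTL prints registry values as:  "name" = data   (default value has an empty name)
VALUE_LINE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
O6_LINE = re.compile(r"^O6 - .*:\s*(\w+)\s*=\s*(\S+)$")


def triage(log_text):
    """Return (rule, detail) pairs for lines worth a responder's attention."""
    findings = []
    key = None  # registry key whose values OTL is currently listing
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_") and line.endswith("]"):
            key = line[1:-1]
            continue
        if line.startswith("O4 ") and line.endswith("File not found"):
            # Autorun whose target is gone: leftover of removed adware, or a
            # component deleted without cleaning up its Run value.
            findings.append(("orphaned-autorun", line))
            continue
        m = O6_LINE.match(line)
        if m and UAC_WEAK.get(m.group(1)) == m.group(2):
            findings.append(("uac-weakened", f"{m.group(1)} = {m.group(2)}"))
            continue
        if line.startswith("O33 ") and "AutoRun\\command" in line:
            findings.append(("removable-media-autorun", line))
            continue
        m = VALUE_LINE.match(line)
        if not (m and key):
            continue
        name, value = m.group(1), m.group(2).strip()
        upper_key = key.upper()
        if name == "" and upper_key.startswith("HKEY_CURRENT_USER\\") and "\\CLSID\\" in upper_key:
            # HKCU\Software\Classes is consulted before HKLM for a non-elevated
            # process, so a per-user InProcServer32 default on a system CLSID is a
            # COM hijack candidate; OTL's ZeroAccess Check lists exactly these keys.
            if GLOBALROOT.match(value) or USER_WRITABLE.search(value):
                findings.append(("hkcu-com-hijack", f"{key} -> {value}"))
        elif name == "DisableMonitoring" and value == "1" and "SECURITY CENTER\\MONITORING" in upper_key:
            findings.append(("security-center-monitoring-off", key))
        elif name == "EnableFirewall" and value == "0" and "POLICIES\\MICROSOFT\\WINDOWSFIREWALL" in upper_key:
            # Policy keys win over the per-profile SharedAccess settings.
            findings.append(("firewall-disabled-by-policy", key))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:32} {detail}")
```

Run it as-is to print the findings for the embedded sample, or pass the full text of a saved OTL.Txt to triage(). The HKCU CLSID rule only fires on a default value's path, so the empty {42aedc87-2188-41fd-b9a3-0c966feabec1} key under HKEY_CURRENT_USER in the log above, which has no value listed, is not reported; that is a gap to keep in mind when reading the output, since the mere presence of a per-user override key for a shell32 CLSID is itself worth noting.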

OTL Extras logfile created on: 7/22/2013 1:17:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lily.cardenas\Downloads
 Enterprise Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.16 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 46.20% Memory free
6.33 Gb Paging File | 4.38 Gb Available in Paging File | 69.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 168.12 Gb Free Space | 72.22% Space Free | Partition Type: NTFS
 
Computer Name: QMLT-LCARDENAS1 | User Name: lily.cardenas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = UltraEdit.html] -- C:\Program Files\UltraEdit\UEDIT32.EXE (IDM Computer Solutions, Inc.)
.ini [@ = UltraEdit.ini] -- C:\Program Files\UltraEdit\UEDIT32.EXE (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files\UltraEdit\UEDIT32.EXE (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files\UltraEdit\UEDIT32.EXE (IDM Computer Solutions, Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{207AC9D6-A910-4B1B-8894-CEF884AC5144}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077B5252-8ED0-4EBC-A6E3-A7D567B7F1F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{69B31DE9-9F3D-47A3-B571-F81264C3377A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{6A45EEB6-CBE5-4D32-9553-828BFC63A46C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8FF0053C-DB40-4FB8-8613-6240745CFEFF}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{F4A093AA-6DC7-4C21-8613-9017A602C2EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{0F1CDEE6-0A36-4FC2-938E-6C5F33445E65}" = Ensemble instance [ENSEMBLE]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17BC5B75-6692-40E6-A347-849F595BC802}" = WebEx Productivity Tools
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = Connected Backup/PC Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48535366-87B8-452D-9247-B0016F1D04D2}" = Delta
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{4EE4C49A-BE74-4A04-946A-B1E1248707BD}" = Configuration Manager Client
"{52698550-7954-4776-AE83-6D7BC55794CF}" = Microsoft Policy Platform
"{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731FF1CF-152D-4856-BB95-9F838669E59E}" = DameWare Mini Remote Control
"{7FA89EC8-023D-4AEA-94E2-32820FBBDC44}" = Dell ControlVault Host Components Installer
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID
"{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005
"{C335C87B-2D3E-4CCC-BB4B-CE60617B1A51}" = Symantec Endpoint Protection
"{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}" = ArcSoft Panorama Maker 6
"{E39FF2F6-AE40-4B2F-AC51-5F3EB4971E93}" = Symantec Enterprise Vault HTTP-only Outlook Add-In
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"7-Zip" = 7-Zip 4.65
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Barracuda Malware Removal Tool_is1" = Barracuda Malware Removal Tool
"Canon MX340 series User Registration" = Canon MX340 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FileZilla Server" = FileZilla Server
"FreeFileViewer_is1" = Free File Viewer 2012
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MOOS Project Viewer" = MOOS Project Viewer
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"Speed Dial Utility" = Canon Speed Dial Utility
"Trusted Software Assistant_is1" = File Type Assistant
"UltraEdit-32" = UltraEdit-32 Uninstall
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7-Zip Free Download Packages" = 7-Zip Free Download Packages
"9204f5692a8faf3b" = Dell System Detect
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"GoToMeeting" = GoToMeeting 5.1.0.880
"optimizer_ie" = Widevine Media Optimizer IE 6.0.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/21/2013 4:51:27 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Windows Search Service | ID = 7010
Description =
 
Error - 5/21/2013 4:51:29 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Windows Search Service | ID = 3028
Description =
 
Error - 5/21/2013 4:51:29 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Windows Search Service | ID = 3058
Description =
 
Error - 5/21/2013 4:51:29 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Windows Search Service | ID = 7010
Description =
 
Error - 5/21/2013 4:53:06 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Windows Search Service | ID = 3028
Description =
 
Error - 5/21/2013 4:53:06 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Windows Search Service | ID = 3058
Description =
 
Error - 5/21/2013 4:53:06 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Windows Search Service | ID = 7010
Description =
 
Error - 5/21/2013 5:23:05 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Windows Search Service | ID = 3028
Description =
 
Error - 5/21/2013 5:23:05 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Windows Search Service | ID = 3058
Description =
 
Error - 5/21/2013 5:23:05 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Windows Search Service | ID = 7010
Description =
 
[ Symantec Endpoint Protection Client Events ]
Error - 6/5/2013 10:22:22 AM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Adware.GoonSquad in File: c:\programdata\browserprotect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll
 by: Scheduled scan.  Action: Quarantine failed : Delete failed.  Action Description:
 Reboot Processing
 
Error - 6/5/2013 10:22:22 AM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Adware.GoonSquad in File: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BROWSERPROTECT.DLL
 by: Auto-Protect scan.  Action: Quarantine failed : Delete failed.  Action Description:
 Reboot Processing
 
Error - 6/5/2013 2:16:15 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Adware.GoonSquad in File: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 6/7/2013 2:46:10 AM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Suspicious.Cloud.5.A in File: C:\Users\lily.cardenas\AppData\Local\Temp\notepad.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 6/14/2013 2:53:41 AM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Adware.GoonSquad in File: C:\ProgramData\BROWSERPROTECT\2.6.1095.52\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION\components\BrowserProtect-18.0.dll
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 6/16/2013 12:38:41 AM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: C:\$Recycle.Bin\S-1-5-21-13972982-349782009-317593308-49125\$d9a5a91f2788529a38369ad4be083966\n
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 6/25/2013 12:26:23 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Tracking Cookies in File: Cookie:lily.cardenas@adlegend.com/
 by: Manual scan.  Action: Delete succeeded.  Action Description: The file was deleted
 successfully.
 
Error - 7/15/2013 10:22:53 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: D:\photoshop cs\Photoshop\Crack\keygen.exe
 by: Auto-Protect scan.  Action: Clean failed : Quarantine failed : Access denied.
  Action Description: The file was left unchanged.
 
Error - 7/16/2013 7:03:03 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Application HeuristicSONAR.Tidserv!gen1 in File: c:\users\lily.cardenas\appdata\local\temp\notepad.exe
 by: SONAR scan.  Action: Quarantine succeeded.  Action Description: The file was
 quarantined successfully.
 
Error - 7/16/2013 7:06:39 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Tracking Cookies in File: Cookie:lily.cardenas@ad.yieldmanager.com/
 by: Manual scan.  Action: Delete succeeded.  Action Description: The file was deleted
 successfully.
 
[ System Events ]
Error - 4/25/2013 2:44:27 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 2 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 4/25/2013 2:44:55 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218174.
 
Error - 4/25/2013 2:44:55 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly.  It has done this
 3 time(s).
 
Error - 4/25/2013 2:44:58 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = TermService | ID = 1067
Description =
 
Error - 4/25/2013 2:44:58 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218174.
 
Error - 4/25/2013 2:44:58 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly.  It has done this
 4 time(s).
 
Error - 4/25/2013 2:45:19 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218174.
 
Error - 4/25/2013 2:45:19 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly.  It has done this
 5 time(s).
 
Error - 4/25/2013 2:45:50 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218174.
 
Error - 4/25/2013 2:45:50 PM | Computer Name = QMLT-LCARDENAS1.quadramed.com | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly.  It has done this
 6 time(s).
 
 
< End of report >
 


Sorry for multiple posts!

Step 1

Please uninstall this application: BrowserProtect

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.yd.delta-search.com/?q={searchTerms}&affID=119351&tt=030213_yd&babsrc=SP_ss&mntrId=8809dc7e0000000000008c705a5c0d61
    IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes\{232356F8-74D0-423D-B76B-C2B304ECDECE}: "URL" = http://search.us.com/serp/1/?guid={1CD044F6-E36A-4AB4-B8A0-1BC95D9E6486}&action=default_search&k={searchTerms}
    FF - prefs.js..extensions.enabledAddons: links%40playtopus.com:1.0.0
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    File not found (No name found) -- C:\USERS\LILY.CARDENAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Y7O8OJZ.DEFAULT\EXTENSIONS\LINKS@PLAYTOPUS.COM
    O3 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\Toolbar\WebBrowser: (no name) - {848AB00E-7679-432F-A9FC-831A79E6B28B} - No CLSID value found.
    O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\Run: [searchProtect] C:\Users\lily.cardenas\AppData\Roaming\SearchProtect\bin\cltmng.exe File not found
    [2013/02/04 11:09:36 | 000,000,000 | ---D | M] -- C:\Users\lily.cardenas\AppData\Roaming\Babylon
    :files
    C:\Program Files\Wajam
    C:\Users\lily.cardenas\AppData\Roaming\SearchProtect
    ipconfig /flushdns /c
    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • OTL Fix log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Enterprise N x86
Ran by lily.cardenas on Tue 07/23/2013 at 13:40:14.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}
Successfully deleted the following from C:\Users\lily.cardenas\AppData\Roaming\mozilla\firefox\profiles\3y7o8ojz.default\prefs.js



Emptied folder: C:\Users\lily.cardenas\AppData\Roaming\mozilla\firefox\profiles\3y7o8ojz.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/23/2013 at 13:43:54.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


# AdwCleaner v2.306 - Logfile created 07/23/2013 at 13:46:50
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Enterprise N Service Pack 1 (32 bits)
# User : lily.cardenas - QMLT-LCARDENAS1
# Boot Mode : Normal
# Running from : C:\Users\lily.cardenas\Downloads\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\lily.cardenas\AppData\Local\Giant Savings Extension

***** [Registry] *****

Key Deleted : HKCU\Software\53eded0e06feb14
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKLM\SOFTWARE\53eded0e06feb14
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\lily.cardenas\AppData\Roaming\Mozilla\Firefox\Profiles\3y7o8ojz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2441 octets] - [23/07/2013 13:46:50]

########## EOF - C:\AdwCleaner[s1].txt - [2501 octets] ##########
 


All processes killed
========== OTL ==========
HKEY_USERS\S-1-5-21-13972982-349782009-317593308-49125\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-13972982-349782009-317593308-49125\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-13972982-349782009-317593308-49125\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-13972982-349782009-317593308-49125\Software\Microsoft\Internet Explorer\SearchScopes\{232356F8-74D0-423D-B76B-C2B304ECDECE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232356F8-74D0-423D-B76B-C2B304ECDECE}\ not found.
Prefs.js: links%40playtopus.com:1.0.0 removed from extensions.enabledAddons
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}\ not found.
File C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi not found.
Registry value HKEY_USERS\S-1-5-21-13972982-349782009-317593308-49125\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{848AB00E-7679-432F-A9FC-831A79E6B28B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{848AB00E-7679-432F-A9FC-831A79E6B28B}\ not found.
Registry value HKEY_USERS\S-1-5-21-13972982-349782009-317593308-49125\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
Folder C:\Users\lily.cardenas\AppData\Roaming\Babylon\ not found.
========== FILES ==========
File\Folder C:\Program Files\Wajam not found.
File\Folder C:\Users\lily.cardenas\AppData\Roaming\SearchProtect not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\lily.cardenas\Downloads\cmd.bat deleted successfully.
C:\Users\lily.cardenas\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: image_user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: lc_admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: lily.cardenas
->Temp folder emptied: 20156775 bytes
->Temporary Internet Files folder emptied: 152503986 bytes
->Java cache emptied: 500444 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 2927 bytes
 
User: Public
 
User: thomas.stone
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1020801 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 166.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07232013_135926

Files\Folders moved on Reboot...
C:\Users\lily.cardenas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\lily.cardenas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


Here is the OTL file:

 

OTL logfile created on: 7/26/2013 4:05:16 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lily.cardenas\Downloads
 Enterprise Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.16 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 34.17% Memory free
6.33 Gb Paging File | 4.05 Gb Available in Paging File | 64.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 170.61 Gb Free Space | 73.29% Space Free | Partition Type: NTFS
 
Computer Name: QMLT-LCARDENAS1 | User Name: lily.cardenas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/26 16:05:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lily.cardenas\Downloads\OTL.exe
PRC - [2013/07/26 15:57:52 | 002,570,592 | ---- | M] (LogMeIn, Inc.) -- C:\Users\lily.cardenas\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\lmi_rescue.exe
PRC - [2013/07/25 12:18:59 | 000,175,992 | ---- | M] () -- C:\Users\lily.cardenas\AppData\Local\Temp\SLinkSW\RssControl0.exe
PRC - [2013/06/03 14:10:02 | 000,408,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\PTIM.exe
PRC - [2013/06/03 14:10:02 | 000,370,704 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
PRC - [2013/06/03 14:10:02 | 000,097,808 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
PRC - [2013/03/08 18:28:59 | 000,143,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
PRC - [2013/03/08 18:28:56 | 001,785,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
PRC - [2012/10/04 09:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/29 07:57:36 | 002,324,752 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
PRC - [2012/03/29 07:57:14 | 000,498,960 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/03/29 07:57:10 | 000,107,792 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2012/03/29 07:57:02 | 003,421,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2012/02/26 09:42:28 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe
PRC - [2012/02/20 04:00:00 | 000,981,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\CcmExec.exe
PRC - [2012/02/20 04:00:00 | 000,636,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\SCNotification.exe
PRC - [2012/02/20 04:00:00 | 000,442,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\RemCtrl\CmRcService.exe
PRC - [2012/02/17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2011/12/16 02:36:20 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\InterSystems\Ensemble\httpd\bin\httpd.exe
PRC - [2011/12/15 23:49:56 | 000,014,848 | ---- | M] (InterSystems) -- c:\InterSystems\Ensemble\bin\ctrmd.exe
PRC - [2011/12/15 23:49:06 | 001,032,192 | ---- | M] (InterSystems) -- C:\InterSystems\Ensemble\bin\csystray.exe
PRC - [2011/12/15 23:48:44 | 000,021,504 | ---- | M] (InterSystems) -- c:\InterSystems\Ensemble\bin\cservice.exe
PRC - [2011/12/15 23:22:14 | 003,764,224 | ---- | M] (InterSystems) -- c:\InterSystems\Ensemble\bin\cache.exe
PRC - [2011/12/15 23:22:14 | 000,054,784 | ---- | M] (InterSystems) -- c:\InterSystems\Ensemble\bin\clmanager.exe
PRC - [2011/09/21 18:43:26 | 007,632,288 | ---- | M] (Autonomy Corporation plc) -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
PRC - [2011/09/21 18:43:18 | 000,287,744 | ---- | M] (Autonomy Corporation plc) -- C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
PRC - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/07/20 14:09:46 | 000,505,720 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2011/05/11 00:15:08 | 000,826,272 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2011/05/11 00:15:08 | 000,031,648 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2011/04/13 10:41:22 | 000,057,680 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 04:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/09/27 13:00:18 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
PRC - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/09/15 11:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/08/13 17:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\System32\SDIOAssist.exe
PRC - [2010/07/07 12:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 13:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/27 08:38:44 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\lily.cardenas\AppData\Local\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\lily.cardenas\AppData\Local\Citrix\ICA Client\concentr.exe
PRC - [2010/02/10 17:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2009/11/01 20:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/07/13 20:14:26 | 006,376,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
PRC - [2005/05/12 12:40:38 | 004,167,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2004/02/11 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/25 12:18:59 | 000,597,104 | ---- | M] () -- C:\Windows\System32\RssHookDLL.dll
MOD - [2013/07/25 12:18:59 | 000,175,992 | ---- | M] () -- C:\Users\lily.cardenas\AppData\Local\Temp\SLinkSW\RssControl0.exe
MOD - [2013/05/28 11:19:36 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2743fdfcb695f6e9b1c3c4a7759ff4e8\Microsoft.VisualBasic.ni.dll
MOD - [2013/05/28 08:31:37 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013/05/28 08:31:26 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/05/28 08:31:24 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/28 08:31:21 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/28 08:31:16 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/05/28 08:31:15 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/02/25 12:50:28 | 000,900,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCNotification\1e375a2507addff9ac938576f181a205\SCNotification.ni.exe
MOD - [2013/02/25 12:50:27 | 000,479,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\6ad0aefb08792c7634ed86bc851a372e\SCClient.Data.ni.dll
MOD - [2013/01/28 11:56:59 | 000,436,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\1ff44e5f84603f7a536531a6ab165469\SCClient.Common.ni.dll
MOD - [2013/01/28 11:56:57 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013/01/28 11:56:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/28 11:56:21 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/28 11:19:57 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/28 11:19:53 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/28 11:19:51 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/28 11:19:47 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/10/10 05:32:16 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/09/27 13:03:08 | 000,201,512 | ---- | M] () -- C:\Windows\System32\vpnapi.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/28 02:55:42 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2005/09/21 04:57:56 | 004,325,376 | ---- | M] () -- C:\Program Files\Cisco Systems\VPN Client\qt-mt335.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/08 18:29:00 | 000,288,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\snac.exe -- (SNAC)
SRV - [2013/03/08 18:28:59 | 000,143,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2013/03/08 18:28:56 | 001,785,792 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe -- (SmcService)
SRV - [2013/02/07 16:02:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 05:32:20 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/29 07:57:36 | 002,324,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012/03/29 07:57:24 | 000,241,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012/03/29 07:57:14 | 000,498,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/03/29 07:57:10 | 000,107,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012/02/26 09:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2012/02/20 04:00:00 | 000,981,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2012/02/20 04:00:00 | 000,442,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2012/02/20 04:00:00 | 000,251,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2011/12/16 02:36:20 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Running] -- C:\InterSystems\Ensemble\httpd\bin\httpd.exe -- (ENSEMBLEhttpd)
SRV - [2011/12/16 00:25:52 | 000,121,344 | ---- | M] (InterSystems) [On_Demand | Stopped] -- C:\Program Files\Common Files\InterSystems\Agent\ISCAgent.exe -- (ISCAgent)
SRV - [2011/12/15 23:48:44 | 000,021,504 | ---- | M] (InterSystems) [Auto | Running] -- c:\InterSystems\Ensemble\bin\cservice.exe -- (Cache_c-_intersystems_ensemble)
SRV - [2011/12/06 17:20:20 | 000,048,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV - [2011/12/06 17:20:20 | 000,048,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV - [2011/09/21 18:43:26 | 007,632,288 | ---- | M] (Autonomy Corporation plc) [Auto | Running] -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/11 00:15:08 | 000,826,272 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2011/05/11 00:15:08 | 000,031,648 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/02/10 17:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (O2SDIOAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2013/05/31 12:00:17 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130716.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/22 13:34:51 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130726.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 13:34:51 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130726.004\NAVENG.SYS -- (NAVENG)
DRV - [2013/03/09 10:23:14 | 000,111,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2013/03/08 18:31:11 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/03/08 18:29:04 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2013/03/08 18:29:04 | 000,585,888 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\srtsp.sys -- (SRTSP)
DRV - [2013/03/08 18:29:04 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys -- (SymDS)
DRV - [2013/03/08 18:29:04 | 000,338,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\symnets.sys -- (SYMNETS)
DRV - [2013/03/08 18:29:04 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2013/03/08 18:29:04 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2013/03/08 18:29:01 | 000,075,528 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
DRV - [2013/03/08 18:28:57 | 000,028,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)
DRV - [2013/03/08 17:28:02 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130725.011\IDSvix86.sys -- (IDSVix86)
DRV - [2013/02/06 20:23:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/02/06 20:23:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/25 01:36:02 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys -- (ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A})
DRV - [2012/08/10 22:43:26 | 000,358,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2012/03/12 14:03:44 | 010,339,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Netwsn00.sys -- (NETwNs32)
DRV - [2012/02/20 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2011/09/21 18:43:26 | 000,045,384 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2011/07/22 12:28:26 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV - [2011/07/15 21:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2011/05/26 09:50:30 | 000,305,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/05/10 14:05:48 | 000,033,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2011/03/23 13:50:58 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR)
DRV - [2011/01/04 13:44:06 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/07/21 13:13:40 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 92 00 86 B0 D8 CD 01  [binary data]
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\URLSearchHook: {9e6103de-c946-4f90-b408-16dbb96585ac} - No CLSID value found
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-13972982-349782009-317593308-49125\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lily.cardenas\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFFPlgn\ [2013/03/09 10:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 16:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/03/29 13:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lily.cardenas\AppData\Roaming\mozilla\Extensions
[2013/07/18 15:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lily.cardenas\AppData\Roaming\mozilla\Firefox\Profiles\3y7o8ojz.default\Extensions
[2013/07/18 15:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\LILY.CARDENAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Y7O8OJZ.DEFAULT\EXTENSIONS\LINKS@PLAYTOPUS.COM
[2013/02/07 16:02:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/16 15:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/16 15:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Fast Free Converter 3.0) - {DDA5D4B3-468F-4D62-9092-75142C6169B1} - C:\PROGRA~1\FASTFR~1\FASTFR~1\FASTFR~1.DLL File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Autonomy Corporation plc)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\Run: [COMMUNICATOR] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\Run: [ConnectionCenter] C:\Users\lily.cardenas\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe (Cisco WebEx LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-13972982-349782009-317593308-49125..\RunOnce: [*LogMeInRescue_1442093423] C:\Users\lily.cardenas\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\lmi_rescue.exe (LogMeIn, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-13972982-349782009-317593308-49125\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: qmdc-ev1-srv ([]* in Local intranet)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: quadramed.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: quadramed.com ([ev1] * in Local intranet)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: quadramed.com ([qmdc-ev1-srv] * in Local intranet)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: quadramed.com ([qmvm-sccm] http in Trusted sites)
O15 - HKU\S-1-5-21-13972982-349782009-317593308-49125\..Trusted Domains: sacred-heart.org ([shremote] https in Trusted sites)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = quadramed.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A31D66C-96C2-4E8F-8FD6-1C3C9ACC5B29}: Domain = quadramed.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A31D66C-96C2-4E8F-8FD6-1C3C9ACC5B29}: NameServer = 192.168.210.31,192.168.210.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{518B65C7-716B-48A1-91A3-6A43AF29C8B9}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll) -  File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0720eda5-6a26-11e2-b369-d4bed93b54bc}\Shell - "" = AutoRun
O33 - MountPoints2\{0720eda5-6a26-11e2-b369-d4bed93b54bc}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{24cd6ed6-efb8-11e2-b23a-d4bed93b54bc}\Shell - "" = AutoRun
O33 - MountPoints2\{24cd6ed6-efb8-11e2-b23a-d4bed93b54bc}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{5fac7487-e24e-11e2-a5e3-d4bed93b54bc}\Shell - "" = AutoRun
O33 - MountPoints2\{5fac7487-e24e-11e2-a5e3-d4bed93b54bc}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/23 13:59:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/23 13:36:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/19 15:48:42 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\AppData\Roaming\Barracuda
[2013/07/19 15:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barracuda
[2013/07/19 15:48:38 | 000,038,352 | ---- | C] (Barracuda Networks) -- C:\Windows\System32\drivers\bmrtswissarmy.sys
[2013/07/19 15:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Barracuda
[2013/07/19 15:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Barracuda
[2013/07/17 11:04:27 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\Desktop\zillman
[2013/07/15 21:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2013/07/15 20:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 6
[2013/07/15 20:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2013/07/15 20:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2013/07/15 20:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
[2013/07/15 20:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/07/15 20:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Solid Colors
[2013/07/15 20:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
[2013/07/15 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2013/07/15 20:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2013/07/15 20:54:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ATL71.DLL
[2013/07/15 20:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Specifications
[2013/07/15 20:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sci-Fi
[2013/07/15 20:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2013/07/15 20:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2013/07/15 20:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Applause and Laugher
[2013/07/15 20:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
[2013/07/09 13:37:59 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\Desktop\phone
[2013/06/27 20:20:11 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\Desktop\settingupreports
[2013/06/27 11:59:56 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\Desktop\dll error reports
[2013/06/27 10:26:33 | 000,000,000 | ---D | C] -- C:\Users\lily.cardenas\Desktop\pics
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\lily.cardenas\*.tmp files -> C:\Users\lily.cardenas\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/26 15:42:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-56795529-3700558200-20912094-1002UA.job
[2013/07/26 15:23:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13972982-349782009-317593308-49125UA.job
[2013/07/26 14:11:26 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Playtopus Updater.job
[2013/07/26 13:57:33 | 000,011,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 13:57:33 | 000,011,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 09:34:42 | 000,000,566 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2013/07/26 09:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/26 09:32:04 | 2548,772,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 22:42:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-56795529-3700558200-20912094-1002Core.job
[2013/07/25 22:12:20 | 000,002,044 | -H-- | M] () -- C:\Users\lily.cardenas\Documents\Default.rdp
[2013/07/25 21:23:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13972982-349782009-317593308-49125Core.job
[2013/07/25 12:18:59 | 000,597,104 | ---- | M] () -- C:\Windows\System32\RssHookDLL.dll
[2013/07/25 12:01:16 | 000,008,058 | ---- | M] () -- C:\Windows\UEDIT32.INI
[2013/07/25 12:01:16 | 000,000,256 | -H-- | M] () -- C:\Windows\uedit32.cfg
[2013/07/18 11:54:01 | 000,664,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/18 11:54:01 | 000,122,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/15 20:59:11 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Panorama Maker 6.lnk
[2013/07/15 20:54:48 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Scripts Menu
[2013/07/15 20:54:48 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2013/07/15 20:54:22 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2013/07/15 20:54:05 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Services
[2013/07/15 20:54:05 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013/07/15 20:54:04 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Screen Savers
[2013/07/15 20:54:04 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013/07/15 20:53:48 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ATL71.DLL
[2013/07/15 20:53:35 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLeo.DAT
[2013/07/15 20:52:27 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Sports
[2013/07/10 15:02:32 | 000,293,193 | ---- | M] () -- C:\Users\lily.cardenas\Desktop\zillman.zip
[2013/07/05 15:36:43 | 000,362,035 | ---- | M] () -- C:\Users\lily.cardenas\Desktop\Reports.zip
[2013/07/02 14:36:38 | 000,102,843 | ---- | M] () -- C:\Users\lily.cardenas\Desktop\SmartIX_v2010_1.pdf
[2013/07/01 18:38:06 | 1150,279,680 | ---- | M] () -- C:\Users\lily.cardenas\Desktop\Bogus_tables.mdb
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\lily.cardenas\*.tmp files -> C:\Users\lily.cardenas\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/25 22:37:35 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-56795529-3700558200-20912094-1002UA.job
[2013/07/25 22:37:34 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-56795529-3700558200-20912094-1002Core.job
[2013/07/15 20:59:10 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 6.lnk
[2013/07/15 20:54:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Scripts Menu
[2013/07/15 20:54:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013/07/15 20:54:21 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2013/07/15 20:54:05 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Services
[2013/07/15 20:54:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013/07/15 20:54:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Savers
[2013/07/15 20:54:04 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013/07/15 20:52:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sports
[2013/07/15 20:52:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2013/07/10 15:02:32 | 000,293,193 | ---- | C] () -- C:\Users\lily.cardenas\Desktop\zillman.zip
[2013/07/05 15:36:43 | 000,362,035 | ---- | C] () -- C:\Users\lily.cardenas\Desktop\Reports.zip
[2013/07/02 14:36:38 | 000,102,843 | ---- | C] () -- C:\Users\lily.cardenas\Desktop\SmartIX_v2010_1.pdf
[2013/04/01 11:35:17 | 000,004,096 | -H-- | C] () -- C:\Users\lily.cardenas\AppData\Local\keyfile3.drm
[2013/03/24 11:36:21 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/03/24 11:36:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/03/11 09:47:07 | 002,371,584 | ---- | C] () -- C:\Users\lily.cardenas\NTUSER$SAVED
[2013/03/04 16:30:51 | 000,000,467 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/01/23 16:04:34 | 000,597,104 | ---- | C] () -- C:\Windows\System32\RssHookDLL.dll
[2013/01/22 16:48:54 | 000,008,058 | ---- | C] () -- C:\Windows\UEDIT32.INI
[2013/01/22 16:24:47 | 000,088,688 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2013/01/15 13:44:58 | 000,002,138 | RHS- | C] () -- C:\Users\lily.cardenas\ntuser.pol
[2012/12/11 16:08:52 | 000,017,850 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/12/11 14:22:57 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2012/12/11 14:21:44 | 000,000,566 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2012/12/11 12:15:30 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2012/12/11 12:15:21 | 000,205,192 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2012/12/11 12:15:20 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2012/12/11 12:05:18 | 000,032,256 | ---- | C] () -- C:\Windows\System32\instsrv.exe
[2012/12/11 12:05:18 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012/10/10 05:32:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012/10/10 05:32:16 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012/10/10 05:32:16 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/10/10 05:32:12 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012/10/10 05:32:10 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/10/10 05:32:08 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = \\?\globalroot\Device\HarddiskVolume2\Users\LILY~1.CAR\AppData\Local\Temp\sbjbnfq\swvrfxx\wow.dll
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 

 

Thanks again!


Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Please download Malwarebytes Anti-Rootkit from here.

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe.
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt.

In your next reply, post the following log files:
  • TDSSKiller log
  • Malwarebytes' Anti-Rootkit log

15:42:35.0355 6548  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:42:35.0964 6548  ============================================================
15:42:35.0964 6548  Current date / time: 2013/07/29 15:42:35.0964
15:42:35.0964 6548  SystemInfo:
15:42:35.0964 6548  
15:42:35.0964 6548  OS Version: 6.1.7601 ServicePack: 1.0
15:42:35.0964 6548  Product type: Workstation
15:42:35.0964 6548  ComputerName: QMLT-LCARDENAS1
15:42:35.0964 6548  UserName: lily.cardenas
15:42:35.0964 6548  Windows directory: C:\Windows
15:42:35.0964 6548  System windows directory: C:\Windows
15:42:35.0964 6548  Processor architecture: Intel x86
15:42:35.0964 6548  Number of processors: 4
15:42:35.0964 6548  Page size: 0x1000
15:42:35.0964 6548  Boot type: Normal boot
15:42:35.0964 6548  ============================================================
15:42:37.0430 6548  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:42:37.0430 6548  ============================================================
15:42:37.0430 6548  \Device\Harddisk0\DR0:
15:42:37.0430 6548  MBR partitions:
15:42:37.0430 6548  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:42:37.0430 6548  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D193000
15:42:37.0430 6548  ============================================================
15:42:37.0461 6548  C: <-> \Device\Harddisk0\DR0\Partition2
15:42:37.0461 6548  ============================================================
15:42:37.0461 6548  Initialize success
15:42:37.0461 6548  ============================================================
15:43:33.0823 6896  Deinitialize success
 


Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.29.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
lily.cardenas :: QMLT-LCARDENAS1 [administrator]

7/29/2013 3:53:12 PM
mbar-log-2013-07-29 (15-53-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 318137
Time elapsed: 19 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\$Recycle.Bin\S-1-5-21-13972982-349782009-317593308-49125\$d9a5a91f2788529a38369ad4be083966\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-13972982-349782009-317593308-49125\$d9a5a91f2788529a38369ad4be083966\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-13972982-349782009-317593308-49125\$d9a5a91f2788529a38369ad4be083966 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 1
c:\$Recycle.Bin\S-1-5-21-13972982-349782009-317593308-49125\$d9a5a91f2788529a38369ad4be083966\@ (Trojan.Siredef.C) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 3398365184, free: 1554034688

Downloaded database version: v2013.07.29.05
Downloaded database version: v2013.07.15.01
Initializing...
------------ Kernel report ------------
     07/29/2013 15:53:08
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\01836378.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMDS.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMEFA.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\PBADRV.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\Teefer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\Drivers\SysPlant.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x86\SRTSPX.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130716.011\BHDrvx86.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\e1c6232.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Netwsn00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\o2sdjw7.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\O2MDFw7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\accelern.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne2000.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\VSTAZL3.SYS
\SystemRoot\system32\DRIVERS\VSTDPV3.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\cvusbdrv.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\LV_Tracker.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x86\SRTSP.SYS
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130729.003\NAVEX15.SYS
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130729.003\NAVENG.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\DRIVERS\scfilter.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130726.011\IDSvix86.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\CCM\prepdrv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\sysferThunk.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msctf.dll
\Windows\System32\imagehlp.dll
\Windows\System32\sechost.dll
\Windows\System32\urlmon.dll
\Windows\System32\gdi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\ole32.dll
\Windows\System32\lpk.dll
\Windows\System32\usp10.dll
\Windows\System32\kernel32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff865ca680
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff8609f030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff865ca680, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff865ca360, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff865ca680, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff865cabd8, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xffffffff8609f030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8F607A5A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 488189952

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Infected: c:\$Recycle.Bin\S-1-5-21-13972982-349782009-317593308-49125\$d9a5a91f2788529a38369ad4be083966\@ --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-13972982-349782009-317593308-49125\$d9a5a91f2788529a38369ad4be083966\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-13972982-349782009-317593308-49125\$d9a5a91f2788529a38369ad4be083966\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-13972982-349782009-317593308-49125\$d9a5a91f2788529a38369ad4be083966 --> [Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
