
MBAM scan turns up nothing, but odd behavior indicates otherwise



Windows 7, Symantec Endpoint (up to date) in addition to MBAM (up to date)

SEP -- Finds nothing

MBAM -- Finds nothing

MS Safety Scan -- Finds nothing

MBAM is continuously blocking the same IP address (IP-BLOCK    217.23.9.122 (Type: outgoing, Port: 49661, Process: firefox.exe)) when Firefox isn't up.

I'm also unable to run the most recent MS security update: KB284727 -- I keep getting an 80005007 unknown error.

Suggestions?

Thanks,

-Aran
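The block event quoted in the post names an image (firefox.exe), a direction, a port and a destination address, and the first thing a triager wants to know is whether that image was really running and from which path. The script below is an added example written for this thread; it is not code from the original post, from Malwarebytes or from the DDS tool. It parses an MBAM `IP-BLOCK` line and the `Running Processes` section of a DDS log (assuming the `====== Title ======` header and `.` filler-line layout seen in the log posted later in this thread), then reports whether the destination is a public address, whether the named image appears in the process snapshot, and which of its instances run from a user-writable folder. The DDS excerpt embedded in it is a constructed, trimmed sample; the `AppData\Local\Temp\firefox.exe` entry is invented purely to show what a flagged path looks like. `dds_section`, `parse_ip_block`, `image_path`, `image_name`, `triage_block` and `USER_WRITABLE` are names chosen for this example.

```python
"""Correlate an MBAM IP-BLOCK event with a DDS 'Running Processes' snapshot.

Added triage example for this thread; not code from the original post or from
Malwarebytes/DDS. Assumes the DDS layout seen in the posted log:
"============== Running Processes ===============" headers and "." filler lines.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed, trimmed excerpt modelled on the DDS log posted in this thread.
# The AppData\Local\Temp\firefox.exe entry is invented for illustration only.
SAMPLE_DDS = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\lsm.exe
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
C:\\Users\\arg\\AppData\\Local\\Temp\\firefox.exe
.
============== Pseudo HJT Report ===============
"""

# The protection-log line quoted in the first post.
SAMPLE_BLOCK = "IP-BLOCK    217.23.9.122 (Type: outgoing, Port: 49661, Process: firefox.exe)"

_HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
_IPBLOCK = re.compile(
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*\(Type:\s*(?P<type>\w+),\s*"
    r"Port:\s*(?P<port>\d+),\s*Process:\s*(?P<process>[^)]+)\)"
)
_EXE = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)

# Path fragments a triager treats as user-writable (a heuristic, not a verdict).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def dds_section(log: str, title: str) -> List[str]:
    """Return the content lines of one DDS section, skipping blank and '.' filler lines."""
    lines: List[str] = []
    inside = False
    for raw in log.splitlines():
        m = _HEADER.match(raw.strip())
        if m:
            inside = m.group(1).lower() == title.lower()
            continue
        if inside and raw.strip() not in ("", "."):
            lines.append(raw.strip())
    return lines


def parse_ip_block(line: str) -> Optional[Dict[str, str]]:
    """Parse 'IP-BLOCK <ip> (Type: ..., Port: ..., Process: ...)'; None if it is not one."""
    m = _IPBLOCK.search(line)
    return m.groupdict() if m else None


def image_path(cmdline: str) -> str:
    """Strip svchost-style arguments: 'C:\\...\\svchost.exe -k netsvcs' -> 'C:\\...\\svchost.exe'."""
    m = _EXE.match(cmdline)
    return (m.group(1) if m else cmdline).strip()


def image_name(cmdline: str) -> str:
    """Lower-cased file name of the executable on a DDS process line."""
    return image_path(cmdline).replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_block(block_line: str, dds_log: str) -> Dict[str, object]:
    """Answer the triage questions for one block event: is the destination a public
    address, was the named image actually running, and from which path(s)?"""
    evt = parse_ip_block(block_line)
    if evt is None:
        raise ValueError("not an MBAM IP-BLOCK line")
    proc = evt["process"].strip().lower()
    instances = [image_path(l) for l in dds_section(dds_log, "Running Processes")
                 if image_name(l) == proc]
    ip = ipaddress.ip_address(evt["ip"])
    return {
        "ip": str(ip),
        "public_ip": ip.is_global,
        "direction": evt["type"].lower(),
        "port": int(evt["port"]),
        "process": proc,
        "process_seen": bool(instances),
        "instances": instances,
        "suspicious_paths": [p for p in instances
                             if any(frag in p.lower() for frag in USER_WRITABLE)],
    }


if __name__ == "__main__":
    for key, value in triage_block(SAMPLE_BLOCK, SAMPLE_DDS).items():
        print(f"{key:16} {value}")
```

MBAM's protection log records only the image name, so a match on `firefox.exe` in the snapshot is what distinguishes "the browser (or a child it left behind) was running after all" from "a differently located binary with the same name"; the `suspicious_paths` list only narrows which instances deserve a closer look, and the snapshot has to come from the same time window as the block event for the correlation to mean anything.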

Hello Aran and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi Borislav. Here are the requested log files:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by arg at 8:31:14 on 2013-10-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8065.5200 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.Loader.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\o2flash.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Lync\UcMapi64.exe
C:\Program Files\Synergy\synergyc.exe
C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\PROGRA~2\WINZIP\winzip32.exe
C:\Program Files (x86)\TextPad 7\TextPad.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [synergy Client] "C:\Program Files\Synergy\synergyc.exe"  --no-daemon --debug WARNING --name ARG 192.168.1.51:24800
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoReadingPane = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: cbord.com
Trusted Zone: live.com
Trusted Zone: salesforce.com
Trusted Zone: sharepoint.com
Trusted Zone: webex.com
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\arg\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\arg\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\arg\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - C:\Users\arg\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\arg\AppData\Local\Temp\f5tmp\urxhost.cab
TCP: NameServer = 10.1.1.85
TCP: Interfaces\{21EF0F4B-D0D6-4AE5-926B-46BFDFBDA3AF} : DHCPNameServer = 10.1.1.85
TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}\35F6D6D656273456E6475627 : DHCPNameServer = 10.3.11.8 10.3.11.9
TCP: Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}\3626F62746D2770716 : DHCPNameServer = 10.1.1.85 10.1.1.91
TCP: Interfaces\{C2E84BB2-B7C1-445F-BD17-12AF6F2A56CD} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: PCANotify - PCANotify.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [intelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 10.1.1.12 fileserver01ny.cbord.com fileserver01ny
Hosts: 10.1.1.11 fileserver02ny.cbord.com fileserver02ny
Hosts: 10.1.1.12 cfs.cbord.com
Hosts: 10.1.1.33 citrix.cbord.com citrix
Hosts: 10.1.1.26 ssrs.cbord.com ssrs
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\arg\AppData\Roaming\Mozilla\Firefox\Profiles\x2rzjsox.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\arg\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CredFltL;CredFltL;C:\Windows\System32\drivers\CredFltL.sys [2013-1-28 36608]
R0 CredFltU;CredFltU;C:\Windows\System32\drivers\CredFltU.sys [2013-1-28 18688]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-24 20024]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-3-24 22128]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\SymDS64.sys [2011-6-17 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\SymEFA64.sys [2011-6-17 928888]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-4-25 87600]
R1 NEOFLTR_7113_22557;Juniper Networks TDI Filter Driver (NEOFLTR_7113_22557);C:\Windows\System32\drivers\NEOFLTR_7113_22557.SYS [2013-9-23 99192]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\Ironx64.sys [2011-6-17 170104]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-4-3 136784]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-12-2 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-12-2 36768]
R2 CredMgmtAgent;CREDANT Manager Agent;C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.exe [2013-1-28 1854304]
R2 CredMgmtLoader;CREDANT Manager Loader;C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.Loader.exe [2013-1-28 17760]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-15 2280504]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-24 13632]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-3-24 189608]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-24 166432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-23 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-23 701512]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-6-17 137224]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-24 365600]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-8-23 3342640]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2013-3-24 292864]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-3-24 176096]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2013-3-24 45672]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-24 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-24 358456]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-24 791608]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-10-9 25528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-23 25928]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2013-3-24 84712]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2013-3-24 68208]
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2012-4-6 45776]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\drivers\usb3Hub.sys [2012-10-9 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\drivers\xHCIPort.sys [2012-10-9 188896]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130924.011\BHDrvx64.sys [2013-10-2 1393240]
S1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\symnets.sys [2011-6-17 386168]
S1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2013-2-18 390352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2013-6-13 18992]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-5-18 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-10-9 35256]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-8-23 272688]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2013-3-24 72808]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2013-3-24 74984]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-5-18 24176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-3 19456]
S3 RecFltr;Reclusa Keyboard;C:\Windows\System32\drivers\RecFltr.sys [2007-1-18 45440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-3 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-3 1255736]
S3 wbfcvusbdrv;WBF Control Vault;C:\Windows\System32\drivers\wbfcvusbdrv.sys [2011-12-2 15976]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\TextPad.exe="C:\Program Files (x86)\TextPad 7\TextPad.exe" -s "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-10-01 16:30:48    589896    ----a-w-    C:\Windows\System32\dsNcSmartCardProv.dll
2013-10-01 16:30:48    421448    ----a-w-    C:\Windows\System32\dsNcCredProv.dll
2013-09-24 02:35:39    --------    d-----w-    C:\Program Files (x86)\Windows Resource Kits
2013-09-24 02:31:07    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-24 02:08:40    --------    d-----w-    C:\Users\arg\AppData\Roaming\Greenshot
2013-09-24 02:08:40    --------    d-----w-    C:\Users\arg\AppData\Local\Greenshot
2013-09-24 02:08:36    --------    d-----w-    C:\Program Files\Greenshot
2013-09-24 01:24:27    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-09-24 01:24:20    --------    d-----w-    C:\Program Files\iPod
2013-09-24 01:24:19    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 01:24:19    --------    d-----w-    C:\Program Files\iTunes
2013-09-23 19:24:52    --------    d-sh--w-    C:\$$PendingFiles
2013-09-23 18:53:56    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-09-23 16:29:13    --------    d-----w-    C:\Users\arg\AppData\Roaming\Malwarebytes
2013-09-23 16:29:10    38224    ----a-w-    C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2013-09-23 16:29:09    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-09-23 16:29:09    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-09-23 16:29:09    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-23 15:50:10    99192    ----a-w-    C:\Windows\System32\drivers\NEOFLTR_7113_22557.SYS
2013-09-23 15:49:48    --------    d-----w-    C:\Program Files (x86)\Juniper Networks
2013-09-23 15:45:37    --------    d-----w-    C:\Users\arg\AppData\Roaming\Juniper Networks
2013-09-23 14:57:56    --------    d-----w-    C:\Users\arg\AppData\Local\ElevatedDiagnostics
2013-09-23 14:28:36    --------    d-----w-    C:\Program Files (x86)\WinMerge
2013-09-22 08:08:54    --------    d-----w-    C:\Windows\CheckSur
2013-09-19 14:59:46    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-09-19 14:59:46    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-09-19 14:59:46    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-09-19 14:59:23    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-09-19 14:59:23    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-09-19 14:59:23    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-09-19 14:59:23    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-09-19 14:59:21    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-09-19 14:59:21    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-09-19 14:59:21    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-09-19 14:59:21    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-09-19 14:58:20    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-09-19 14:58:18    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-09-19 14:58:17    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-09-19 14:58:17    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-09-19 14:57:40    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-09-19 14:57:40    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-09-19 14:57:01    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-09-19 14:55:53    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-09-19 14:55:53    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-09-19 14:55:46    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-09-19 14:55:37    3155456    ----a-w-    C:\Windows\System32\win32k.sys
2013-09-19 14:55:04    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-09-19 14:55:04    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-09-16 16:45:23    --------    d-----w-    C:\Users\arg\AppData\Roaming\KiTTY
2013-09-16 08:07:29    --------    d-----w-    C:\Windows\System32\MRT
2013-09-13 18:22:36    --------    d-----w-    C:\ProgramData\Oracle
2013-09-13 18:22:17    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-13 18:20:10    973736    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-09-13 18:20:10    1095080    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-09-13 18:20:08    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-11 14:41:16    --------    d-----w-    C:\_OCA
2013-09-06 16:39:44    --------    d-----w-    C:\Users\arg\AppData\Roaming\Free-PDF-to-Word.com
2013-09-05 08:56:15    --------    d-----w-    C:\Program Files (x86)\Logitech Touch Mouse Server
.
==================== Find3M  ====================
.
2013-09-26 14:12:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-26 14:12:10    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-13 18:22:15    868264    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-09-13 18:22:15    790440    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-08-02 02:23:53    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-02 02:15:03    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:45:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 13:14:53    5    ----a-w-    C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 18:47:08    83208    ----a-w-    C:\Windows\SysWow64\S32EVNT1.DLL
2013-07-19 18:47:08    73496    ----a-w-    C:\Windows\SysWow64\drivers\SYMEVENT.SYS
2013-07-19 18:47:08    124167    ----a-w-    C:\Windows\SysWow64\SYMEVNT.386
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-16 13:09:33    219216    ----a-w-    C:\Windows\SysWow64\atsckernel.exe
2013-07-16 13:09:33    136784    ----a-w-    C:\Windows\SysWow64\atashost.exe
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH:  8:31:25.90 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2013 2:34:57 PM
System Uptime: 10/1/2013 9:14:43 PM (35 hours ago)
.
Motherboard: Dell Inc. |  | 0CPWYR
Processor: Intel® Core i5-3230M CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 135.978 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&424B243&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&424B243&0&01
Service: vwifimp
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Network Security WFP Driver
Device ID: ROOT\LEGACY_SYMNETS\0000
Manufacturer:
Name: Symantec Network Security WFP Driver
PNP Device ID: ROOT\LEGACY_SYMNETS\0000
Service: SYMNETS
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: BHDrvx64
Device ID: ROOT\LEGACY_BHDRVX64\0000
Manufacturer:
Name: BHDrvx64
PNP Device ID: ROOT\LEGACY_BHDRVX64\0000
Service: BHDrvx64
.
==== System Restore Points ===================
.
RP88: 9/23/2013 6:24:09 PM - Windows Update
RP89: 9/23/2013 8:23:56 PM - Windows Update
RP90: 9/23/2013 8:42:57 PM - Windows Update
RP91: 9/23/2013 9:23:18 PM - Installed iTunes
RP92: 9/23/2013 10:35:26 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP93: 9/23/2013 10:44:18 PM - Windows Update
RP94: 9/23/2013 10:59:57 PM - Windows Update
RP95: 9/23/2013 11:05:56 PM - Windows Update
RP96: 9/24/2013 9:11:58 PM - Windows Update
RP97: 9/30/2013 4:00:10 AM - Windows Update
RP98: 9/30/2013 5:23:46 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 10.1.1.12 fileserver01ny.cbord.com fileserver01ny
Hosts: 10.1.1.11 fileserver02ny.cbord.com fileserver02ny
Hosts: 10.1.1.12 cfs.cbord.com
Hosts: 10.1.1.33 citrix.cbord.com citrix
Hosts: 10.1.1.26 ssrs.cbord.com ssrs
Hosts: 10.1.1.100 email.cbord.com email
Hosts: 10.1.1.101 exchange01ny.cbord.com exchange01ny
Hosts: 10.1.1.102 exchange02ny.cbord.com exchange02ny
Hosts: 10.1.1.114 ares.cbord.com ares
Hosts: 10.1.1.158 clear.cbord.com clear
Hosts: 10.1.1.159 eclear.cbord.com eclear
Hosts: 10.1.1.85 dc01ny.cbord.com dc01ny
Hosts: 10.1.1.55 dc02ny.cbord.com dc02ny
Hosts: 10.1.1.16 source.cbord.com source
Hosts: 10.1.6.3 vulcan.cbord.com vulcan
Hosts: 10.1.1.171 fd2.cbord.com fd2
Hosts: 10.1.1.78 fd8.cbord.com fd8
Hosts: 10.1.1.17 fms-auto-build.cbord.com fms-auto-build
Hosts: 10.1.20.131 fit-dotnet.cbord.com fit-dotnet
Hosts: 10.1.1.71 share.cbord.com share
Hosts: 10.1.1.72 share.cbord.com share
Hosts: 10.1.1.150 im.cbord.com im
Hosts: 10.1.1.149 im01.cbord.com im01
Hosts: 10.1.0.225 confluence.cbord.com confluence
Hosts: 10.1.1.129 webtimesheet.cbord.com webtimesheet
Hosts: 10.1.1.172 wwwhis.cbord.com wwwhis
Hosts: 10.1.1.127 delphi.cbord.com delphi
Hosts: 10.1.1.62 hades.cbord.com hades
Hosts: 10.1.1.76 intranet.cbord.com
Hosts: 10.1.1.34 merlin.cbord.com merlin
Hosts: 10.1.1.14 symposium.cbord.com symposium
Hosts: 10.1.1.111 echo.cbord.com echo
Hosts: 172.17.1.41 getadmin.ugryd.com
Hosts: 10.3.1.35 tps-ody-build.cbord.com
Hosts: 172.31.1.234 gopher.services.local gopher
Hosts: 172.31.1.121 wsusup.services.local wsusup
Hosts: 172.31.1.21 hostsvcs1.services.local
Hosts: 172.31.1.22 hostsvcs2.services.local
Hosts: 172.31.1.24 hostsvcs4.services.local
Hosts: 172.31.1.25 hostsvcs5.services.local
Hosts: 172.31.1.26 hostsvcs6.services.local
Hosts: 172.31.1.27 hostsvcs7.services.local
Hosts: 172.31.1.28 hostsvcs8.services.local
Hosts: 172.31.1.29 hostsvcs9.services.local
Hosts: 172.31.1.30 hostsvcs10.services.local
Hosts: 172.31.1.32 hostsvcs12.services.local
Hosts: 172.31.1.34 hostsvcs14.services.local
Hosts: 172.31.1.35 hostsvcs15.services.local
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Registry Cleaner
BIG-IP Edge Client Components (All Users)
Bonjour
Bulk Rename Utility 2.7.1.2
CCleaner
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Conexant HDA D330 MDC V.92 Modem
CREDANT Manager
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Client System Update
Dell ControlVault Host Components Installer 64 bit
Dell Edoc Viewer
Dell Feature Enhancement Pack
Dell Touchpad
Dell Webcam Central
File Renamer - Basic
FileZilla Client 3.7.3
Greenshot 1.1.5.2643
inSSIDer 3
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Network Connections 16.8.45.00
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® WiDi
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
IPTInstaller
iTunes
Java 7 Update 40
Java 7 Update 40 (64-bit)
Java Auto Updater
Juniper Networks Network Connect 7.1.0
Juniper Networks Secure Application Manager
Juniper Networks, Inc. Setup Client
Juniper Terminal Services Client
Junk Mail filter update
K-Lite Mega Codec Pack 9.9.0
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech Touch Mouse Server 1.0
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Lync 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Modem Diagnostic Tool
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.54
MSVCRT
MSVCRT_amd64
Netwaiting
OpenVPN 2.1_rc4
Password Policy Client 7.01
PCDJ VJ
PeerBlock 1.1 (r518)
PowerDVD DX
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2760597) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SI TSS
Skype™ 6.6
ST Microelectronics 3 Axis Digital Accelerometer Solution
Symantec Endpoint Protection
Symantec pcAnywhere
Synergy
System Requirements Lab CYRI
TextPad 7
UltraMon
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553157) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
VLC media player 2.0.6
WebEx
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Resource Kit Tools - SubInAcl.exe
WinRAR archiver
WinZip
.
==== Event Viewer Messages From Past Week ========
.
9/30/2013 5:24:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 7 for x64-based Systems (KB2847927).
9/27/2013 8:40:46 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR6.
9/26/2013 9:04:11 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
9/26/2013 9:03:41 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.
10/3/2013 8:29:16 AM, Error: Application Popup [1060]  - \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/3/2013 1:14:46 AM, Error: Service Control Manager [7031]  - The Symantec Endpoint Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
10/2/2013 7:23:25 AM, Error: Service Control Manager [7000]  - The BHDrvx64 service failed to start due to the following error:  Element not found.
10/1/2013 9:17:07 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067]  - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
10/1/2013 9:15:06 PM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
10/1/2013 9:15:05 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  awlegacy BHDrvx64 Gernuwa SYMNETS UimBus Uim_IM Uim_VIM
10/1/2013 9:15:00 PM, Error: Service Control Manager [7001]  - The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.
10/1/2013 9:15:00 PM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain CBORDNT due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
10/1/2013 9:15:00 PM, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
10/1/2013 9:14:47 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\awlegacy.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
 

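The DDS excerpt above already holds the facts a responder needs: every entry under "Hosts File Hijack" maps a corporate name to an RFC 1918 address, while the Event Viewer section shows the Symantec kernel drivers (BHDrvx64, SYMNETS, SYMEVENT.SYS) failing to load and KB2847927 failing with 0x80070005, which is the access-denied HRESULT. The script below is an added example, not code from the thread or from Malwarebytes, that automates that triage: it parses the two sections, sorts hosts entries into internal, sinkholed, public-override and suspicious, and pulls out failed drivers and failed updates. The sample input is a few lines quoted from the log plus one constructed hijack line (203.0.113.7 liveupdate.symantec.com) to exercise the suspicious branch; SECURITY_DRIVERS and SENSITIVE_SUFFIXES are assumed watch-lists, not something the page supplies.

```python
import ipaddress
import re

# Kernel drivers of the AV product in this thread. Assumption: the names come
# from the log's own Event Viewer lines, not from vendor documentation.
SECURITY_DRIVERS = {"BHDRVX64", "SYMNETS", "SYMEVENT.SYS"}
# Domains a hosts-file entry should never override (constructed watch-list).
SENSITIVE_SUFFIXES = ("microsoft.com", "windowsupdate.com",
                      "symantec.com", "malwarebytes.org")
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED"}  # only the code this log contains

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(.+?)\s*$")
EVENT_RE = re.compile(r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
                      r"(?P<source>.+?) \[(?P<id>\d+)\]\s+-\s+(?P<msg>.*)$")
UPDATE_RE = re.compile(r"error (0x[0-9A-Fa-f]{8}):.*\((KB\d+)\)")
FAILED_START_RE = re.compile(r"^The (\S+) service failed to start")
BLOCKED_RE = re.compile(r"([^\\\s]+\.sys) has been blocked from loading", re.I)


def classify_hosts_line(line):
    """Return (verdict, ip, names) for one DDS 'Hosts:' line, else None."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip, names = ipaddress.ip_address(m.group(1)), m.group(2).split()
    if any(n == s or n.endswith("." + s)
           for n in names for s in SENSITIVE_SUFFIXES):
        verdict = "suspicious"       # update/AV domain redirected anywhere
    elif ip.is_loopback or ip.is_unspecified:
        verdict = "sinkholed"        # ad/tracker-blocking style entry
    elif ip.is_private:
        verdict = "internal"         # corporate name -> RFC 1918 address
    else:
        verdict = "public-override"  # public name pinned to a public IP
    return verdict, str(ip), names


def decode_hresult(code):
    """Name a Windows Update HRESULT; 0x8007xxxx wraps a Win32 error code."""
    if code >> 16 == 0x8007:
        win32 = code & 0xFFFF
        return WIN32_ERRORS.get(win32, "Win32 error %d" % win32)
    return "HRESULT 0x%08X" % code


def triage_event_line(line):
    """Return a list of ('driver', name) or ('update', kb, reason) findings."""
    m = EVENT_RE.match(line)
    if not m:
        return []
    event_id, msg = int(m.group("id")), m.group("msg")
    if event_id == 7026 and "failed to load:" in msg:      # SCM: boot drivers
        return [("driver", n) for n in msg.split("failed to load:")[1].split()]
    if event_id == 7000 and FAILED_START_RE.match(msg):    # SCM: one service
        return [("driver", FAILED_START_RE.match(msg).group(1))]
    if event_id == 1060 and BLOCKED_RE.search(msg):        # driver blocked
        return [("driver", BLOCKED_RE.search(msg).group(1))]
    if event_id == 20 and UPDATE_RE.search(msg):           # WU install failure
        code, kb = UPDATE_RE.search(msg).groups()
        return [("update", kb, decode_hresult(int(code, 16)))]
    return []


def triage(text):
    """Walk a DDS attach.txt and bucket hosts entries, drivers and updates."""
    report = {"hosts": {}, "drivers_failed": set(),
              "security_drivers_down": set(), "updates_failed": []}
    for line in text.splitlines():
        h = classify_hosts_line(line)
        if h:
            report["hosts"].setdefault(h[0], []).append((h[1], h[2]))
            continue
        for f in triage_event_line(line):
            if f[0] == "driver":
                report["drivers_failed"].add(f[1])
                if f[1].upper() in SECURITY_DRIVERS:
                    report["security_drivers_down"].add(f[1].upper())
            else:
                report["updates_failed"].append((f[1], f[2]))
    return report


# Lines quoted from the log above, plus one constructed hijack line (203.0.113.7).
SAMPLE = r"""
==== Hosts File Hijack ======================
Hosts: 10.1.1.12 fileserver01ny.cbord.com fileserver01ny
Hosts: 172.17.1.41 getadmin.ugryd.com
Hosts: 172.31.1.121 wsusup.services.local wsusup
Hosts: 203.0.113.7 liveupdate.symantec.com
==== Event Viewer Messages From Past Week ========
9/30/2013 5:24:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 7 for x64-based Systems (KB2847927).
10/3/2013 8:29:16 AM, Error: Application Popup [1060]  - \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked from loading due to incompatibility with this system.
10/2/2013 7:23:25 AM, Error: Service Control Manager [7000]  - The BHDrvx64 service failed to start due to the following error:  Element not found.
10/1/2013 9:15:05 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  awlegacy BHDrvx64 Gernuwa SYMNETS UimBus Uim_IM Uim_VIM
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Run against the real attach.txt, the "internal" bucket is the noise to ignore and the "security_drivers_down" set is the thing to act on: an endpoint whose AV kernel drivers are not loading cannot be trusted to report "nothing found", and a failed security update with ERROR_ACCESS_DENIED is worth checking for tampered file or registry permissions before assuming malware.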

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
In your next reply, post the following log files:
  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
arg :: ARG [limited]

Protection: Enabled

10/3/2013 9:02:47 AM
mbam-log-2013-10-03 (09-02-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239919
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

OTL logfile created on: 10/3/2013 9:07:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\arg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.88 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 71.18% Memory free
15.75 Gb Paging File | 13.38 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.70 Gb Total Space | 135.98 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
 
Computer Name: ARG | User Name: arg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2013/10/03 09:03:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\arg\Desktop\OTL.exe
PRC - [2013/07/16 09:09:33 | 000,136,784 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2013/06/27 15:44:02 | 012,108,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/28 22:22:56 | 000,017,760 | ---- | M] (CREDANT Technologies, Inc.) -- C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.Loader.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/10/22 20:29:42 | 000,365,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/10/22 20:29:42 | 000,278,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/10/22 20:29:40 | 000,166,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/10/16 09:54:28 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/05/30 15:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/05/30 15:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/06/17 16:31:22 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/06/14 20:43:20 | 000,538,112 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
PRC - [2007/06/14 20:43:20 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/23 14:59:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/19 21:19:52 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\812063380a132051c054f5ca865f322e\IAStorUtil.ni.dll
MOD - [2013/09/19 21:19:52 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e218ecb21700f8ba41ec9d7415567388\IAStorCommon.ni.dll
MOD - [2013/09/19 21:14:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/09/19 21:13:57 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/19 21:13:48 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/09/19 21:13:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/19 21:13:42 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/09/19 21:13:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/09/19 21:13:37 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2007/06/14 20:43:20 | 000,947,200 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libeay32.dll
MOD - [2007/06/14 20:43:20 | 000,538,112 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
MOD - [2007/06/14 20:43:20 | 000,173,568 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libssl32.dll
MOD - [2007/06/14 20:43:20 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/28 22:22:56 | 001,854,304 | ---- | M] (CREDANT Technologies, Inc.) [Auto | Running] -- C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.exe -- (CredMgmtAgent)
SRV:64bit: - [2013/01/28 22:22:56 | 000,017,760 | ---- | M] (CREDANT Technologies, Inc.) [Auto | Running] -- C:\Program Files\CREDANT\CREDANT Manager\Credant.Manager.Loader.exe -- (CredMgmtLoader)
SRV:64bit: - [2012/08/23 17:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/08/23 17:04:28 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/08/23 17:04:00 | 000,629,040 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/08/23 17:03:14 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/08/15 17:38:04 | 002,280,504 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV:64bit: - [2012/07/27 11:54:18 | 000,636,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/02/13 12:20:00 | 000,313,856 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/12/02 14:03:00 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/12/02 14:03:00 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2011/11/16 15:47:22 | 000,244,328 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2011/11/09 18:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/01 09:34:49 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/26 10:12:10 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/16 09:09:33 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/10/22 20:29:42 | 000,365,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/10/22 20:29:42 | 000,278,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/10/22 20:29:40 | 000,166,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/05/30 15:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/05/11 10:42:24 | 001,643,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2012/02/08 21:42:52 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/06/17 16:31:26 | 002,591,232 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe -- (SmcService)
SRV - [2011/06/17 16:31:26 | 000,324,528 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe -- (SNAC)
SRV - [2011/06/17 16:31:22 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 15:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/06/14 20:43:20 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2003/05/29 11:00:00 | 000,106,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/24 09:16:03 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/03/24 09:15:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/03/24 09:15:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/02/18 13:59:44 | 000,633,680 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2013/02/18 13:59:44 | 000,090,960 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2013/02/18 13:59:42 | 000,390,352 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2013/01/28 22:15:34 | 000,018,688 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CredFltU.sys -- (CredFltU)
DRV:64bit: - [2013/01/28 22:15:32 | 000,036,608 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CredFltL.sys -- (CredFltL)
DRV:64bit: - [2013/01/17 16:28:28 | 000,018,992 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2012/12/21 15:47:50 | 000,449,480 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/11/07 06:21:52 | 000,099,192 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NEOFLTR_7113_22557.SYS -- (NEOFLTR_7113_22557)
DRV:64bit: - [2012/10/16 09:53:20 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/10/16 09:53:20 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/10/16 09:53:20 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/10/09 19:48:52 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/10/09 19:48:52 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/10/09 19:48:50 | 000,188,896 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012/10/09 19:48:50 | 000,047,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2012/09/30 02:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 22:44:18 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/07/13 01:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/30 17:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/05/21 02:54:04 | 000,068,208 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ST_ACCEL.sys -- (ST_ACCEL)
DRV:64bit: - [2012/04/06 00:15:42 | 000,045,776 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2012/02/13 12:20:00 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/02/01 18:52:00 | 014,659,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/06 09:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/05 12:51:16 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/12/02 14:03:12 | 000,015,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wbfcvusbdrv.sys -- (wbfcvusbdrv)
DRV:64bit: - [2011/11/14 19:44:46 | 000,084,712 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/07/16 00:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/23 01:28:04 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011/06/17 16:31:28 | 000,928,888 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/06/17 16:31:28 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/06/17 16:31:28 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2011/06/17 16:31:28 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/06/17 16:31:26 | 000,745,592 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/06/17 16:31:26 | 000,170,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/04/25 01:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/01/03 18:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011/01/03 16:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/09/10 18:22:16 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/11/02 06:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 15:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 02:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 02:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/06/15 00:46:18 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2007/01/18 09:23:10 | 000,045,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RecFltr.sys -- (RecFltr)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2013/09/16 08:52:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20131002.022\ex64.sys -- (NAVEX15)
DRV - [2013/09/16 08:52:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20131002.022\eng64.sys -- (NAVENG)
DRV - [2013/08/27 08:21:33 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/07/19 14:47:08 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 13:00:16 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130924.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2003/04/21 14:08:44 | 000,010,901 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\AWLEGACY.sys -- (awlegacy)
DRV - [2003/04/21 13:00:32 | 000,013,898 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\GERNUWA.sys -- (Gernuwa)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6062D0A2-0C25-42D2-BDF1-BF9BBC8F666F}
IE:64bit: - HKLM\..\SearchScopes\{6062D0A2-0C25-42D2-BDF1-BF9BBC8F666F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{6062D0A2-0C25-42D2-BDF1-BF9BBC8F666F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://login.microsoftonline.com/ [binary data over 200 bytes]
IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://cbord.webex.com/mw0306ld/mywebex/default.do?siteurl=cbord
IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F D6 A4 85 97 B8 CE 01  [binary data]
IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..\SearchScopes,DefaultScope = {6062D0A2-0C25-42D2-BDF1-BF9BBC8F666F}
IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031}
IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://timesaver.adp.com/i17/hw1s/TS/login.php"
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: tiletabs%40DW-dev:10.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031}&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "https://timesaver.adp.com/i17/hw1s/TS/login.php"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 09:34:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 09:34:46 | 000,000,000 | ---D | M]
 
[2013/04/22 11:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arg\AppData\Roaming\mozilla\Extensions
[2013/09/27 11:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arg\AppData\Roaming\mozilla\Firefox\Profiles\x2rzjsox.default\extensions
[2013/05/16 15:22:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\arg\AppData\Roaming\mozilla\Firefox\Profiles\x2rzjsox.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/05/21 15:28:08 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\arg\AppData\Roaming\mozilla\Firefox\Profiles\x2rzjsox.default\extensions\foxmarks@kei.com
[2013/09/27 11:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arg\AppData\Roaming\mozilla\Firefox\Profiles\x2rzjsox.default\extensions\staged
[2013/08/23 20:29:45 | 000,119,969 | ---- | M] () (No name found) -- C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\extensions\tiletabs@DW-dev.xpi
[2013/07/31 04:13:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/26 20:36:05 | 000,001,793 | ---- | M] () -- C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\searchplugins\Bing.xml
[2013/07/28 04:00:19 | 000,001,720 | ---- | M] () -- C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\searchplugins\sweetim.xml
[2013/10/01 09:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/01 09:34:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/27 15:41:24 | 000,032,440 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
O1 HOSTS File: ([2013/07/11 13:47:35 | 000,002,129 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.1.1.12 fileserver01ny.cbord.com fileserver01ny
O1 - Hosts: 10.1.1.11 fileserver02ny.cbord.com fileserver02ny
O1 - Hosts: 10.1.1.12 cfs.cbord.com
O1 - Hosts: 10.1.1.33 citrix.cbord.com citrix
O1 - Hosts: 10.1.1.26 ssrs.cbord.com ssrs
O1 - Hosts: 10.1.1.100 email.cbord.com email
O1 - Hosts: 10.1.1.101 exchange01ny.cbord.com exchange01ny
O1 - Hosts: 10.1.1.102 exchange02ny.cbord.com exchange02ny
O1 - Hosts: 10.1.1.114 ares.cbord.com ares
O1 - Hosts: 10.1.1.158 clear.cbord.com clear
O1 - Hosts: 10.1.1.159 eclear.cbord.com eclear
O1 - Hosts: 10.1.1.85 dc01ny.cbord.com dc01ny
O1 - Hosts: 10.1.1.55 dc02ny.cbord.com dc02ny
O1 - Hosts: 10.1.1.16 source.cbord.com source
O1 - Hosts: 10.1.6.3 vulcan.cbord.com vulcan
O1 - Hosts: 10.1.1.171 fd2.cbord.com fd2
O1 - Hosts: 10.1.1.78 fd8.cbord.com fd8
O1 - Hosts: 10.1.1.17 fms-auto-build.cbord.com fms-auto-build
O1 - Hosts: 10.1.20.131 fit-dotnet.cbord.com fit-dotnet
O1 - Hosts: 10.1.1.71 share.cbord.com share
O1 - Hosts: 10.1.1.72 share.cbord.com share
O1 - Hosts: 10.1.1.150 im.cbord.com im
O1 - Hosts: 10.1.1.149 im01.cbord.com im01
O1 - Hosts: 10.1.0.225 confluence.cbord.com confluence
O1 - Hosts: 32 more lines...
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe (Greenshot)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007..\Run: [synergy Client] "C:\Program Files\Synergy\synergyc.exe"  --no-daemon --debug WARNING --name ARG 192.168.1.51:24800 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoReadingPane = 1
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: cbord.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: cbord.com ([share] https in Local intranet)
O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: dynamics.com ([*.crm] * in Trusted sites)
O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: live.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: salesforce.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: sharepoint.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..Trusted Domains: webex.com ([]* in Trusted sites)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\arg\AppData\Local\Temp\f5tmp\urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\arg\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\arg\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1 (F5 Networks Auto Update)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\arg\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cbord.webex.com/client/T27LB/support/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\arg\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.coloradocollege.edu/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cbord.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21EF0F4B-D0D6-4AE5-926B-46BFDFBDA3AF}: DhcpNameServer = 10.1.1.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B4FD816-0B32-42C3-8764-1BAA07E0A3B2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2E84BB2-B7C1-445F-BD17-12AF6F2A56CD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\Windows\SysWow64\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5c5f710c-bf9f-11e2-86f9-74867a6cbe19}\Shell - "" = AutoRun
O33 - MountPoints2\{5c5f710c-bf9f-11e2-86f9-74867a6cbe19}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{79520f59-0160-11e3-b7c1-463500000031}\Shell - "" = AutoRun
O33 - MountPoints2\{79520f59-0160-11e3-b7c1-463500000031}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{79520f5a-0160-11e3-b7c1-463500000031}\Shell - "" = AutoRun
O33 - MountPoints2\{79520f5a-0160-11e3-b7c1-463500000031}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{e9c363b6-adf1-11e2-8588-74867a6cbe19}\Shell - "" = AutoRun
O33 - MountPoints2\{e9c363b6-adf1-11e2-8588-74867a6cbe19}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/03 09:03:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\arg\Desktop\OTL.exe
[2013/10/01 12:30:48 | 000,589,896 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcSmartCardProv.dll
[2013/10/01 12:30:48 | 000,421,448 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcCredProv.dll
[2013/10/01 09:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/23 22:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2013/09/23 22:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/09/23 22:30:29 | 000,000,000 | ---D | C] -- C:\Users\arg\Desktop\mbar
[2013/09/23 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Greenshot
[2013/09/23 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Local\Greenshot
[2013/09/23 22:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
[2013/09/23 22:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot
[2013/09/23 21:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/23 21:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/23 21:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/23 21:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/23 15:24:52 | 000,000,000 | -HSD | C] -- C:\$$PendingFiles
[2013/09/23 13:17:31 | 000,000,000 | ---D | C] -- C:\Users\arg\Desktop\Mail Archive
[2013/09/23 12:29:13 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Malwarebytes
[2013/09/23 12:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/23 12:29:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2013/09/23 12:29:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/23 12:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/23 12:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/23 11:50:10 | 000,099,192 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\drivers\NEOFLTR_7113_22557.SYS
[2013/09/23 11:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2013/09/23 11:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juniper Networks
[2013/09/23 11:46:00 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2013/09/23 11:45:37 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Juniper Networks
[2013/09/23 10:57:56 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Local\ElevatedDiagnostics
[2013/09/23 10:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
[2013/09/23 10:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinMerge
[2013/09/22 04:08:54 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/09/16 12:45:23 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\KiTTY
[2013/09/16 09:41:56 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\FileZilla
[2013/09/16 09:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013/09/16 09:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013/09/16 04:07:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/09/13 14:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/13 14:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/09/13 14:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/09/13 14:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/13 14:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/09/11 10:41:16 | 000,000,000 | ---D | C] -- C:\_OCA
[2013/09/06 12:39:44 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Free-PDF-to-Word.com
[2013/09/05 04:56:15 | 000,000,000 | ---D | C] -- C:\Users\arg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech Touch Mouse Server
[2013/09/05 04:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech Touch Mouse Server
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/03 09:03:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\arg\Desktop\OTL.exe
[2013/10/03 05:55:28 | 000,131,072 | -HS- | M] () -- C:\CredSED.dat
[2013/10/02 12:20:21 | 000,000,067 | ---- | M] () -- C:\Windows\synergy.sgc
[2013/10/01 21:22:09 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 21:22:09 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 21:19:13 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/01 21:19:13 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/01 21:19:13 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 21:14:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 21:14:51 | 2047,963,135 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/01 12:42:03 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.SDY
[2013/10/01 12:41:58 | 000,002,278 | -H-- | M] () -- C:\Users\arg\Documents\Default.rdp
[2013/09/27 20:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/25 11:39:30 | 000,005,506 | RHS- | M] () -- C:\Users\arg\ntuser.pol
[2013/09/23 22:37:05 | 000,000,298 | ---- | M] () -- C:\Users\arg\Desktop\fix.cmd
[2013/09/23 21:24:28 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/23 15:02:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/23 15:02:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/23 13:34:58 | 000,000,542 | ---- | M] () -- C:\Users\arg\Desktop\SiteLogins.lnk
[2013/09/23 12:45:46 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/22 16:41:38 | 007,556,660 | ---- | M] () -- C:\Users\arg\Desktop\X1222USB_X1832USB_P0A0I_OI_EN_ES_FR.pdf
[2013/09/19 21:10:35 | 000,418,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/16 09:41:52 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/09/16 04:05:23 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/23 22:37:05 | 000,000,298 | ---- | C] () -- C:\Users\arg\Desktop\fix.cmd
[2013/09/23 21:24:28 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/23 20:34:28 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2013/09/23 15:02:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/23 15:02:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/23 13:34:58 | 000,000,542 | ---- | C] () -- C:\Users\arg\Desktop\SiteLogins.lnk
[2013/09/23 12:45:46 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/22 16:39:55 | 007,556,660 | ---- | C] () -- C:\Users\arg\Desktop\X1222USB_X1832USB_P0A0I_OI_EN_ES_FR.pdf
[2013/09/16 09:41:52 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/09/01 18:52:33 | 000,000,037 | -HS- | C] () -- C:\Users\arg\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/06/13 16:08:11 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI
[2013/05/17 20:43:51 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/05/17 20:43:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/05/17 20:43:51 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/05/17 20:43:51 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/05/17 20:43:49 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/04/26 12:05:53 | 000,121,681 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2013/04/22 09:06:58 | 000,005,506 | RHS- | C] () -- C:\Users\arg\ntuser.pol
[2013/04/03 12:18:07 | 000,029,522 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/03/24 09:10:11 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/03/24 09:10:10 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/03/24 09:10:08 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/03/24 09:10:06 | 013,007,360 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/07/27 11:36:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013/03/24 09:16:00 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{8a6d475c-e0e7-6dd4-bee6-d26a961e4324}\L
[2013/06/11 01:35:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{8a6d475c-e0e7-6dd4-bee6-d26a961e4324}\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/04/03 10:02:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
[2013/04/03 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wave Systems Corp
[2013/04/23 17:12:12 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\AusLogics
[2013/10/03 01:10:17 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\FileZilla
[2013/09/06 12:39:44 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\Free-PDF-to-Word.com
[2013/09/23 22:08:40 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\Greenshot
[2013/04/22 12:25:50 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\Helios
[2013/07/26 09:14:57 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\HTC
[2013/09/23 15:23:02 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\ICAClient
[2013/10/01 12:30:50 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\Juniper Networks
[2013/09/16 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\KiTTY
[2013/09/27 18:45:24 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\Mp3tag
[2013/05/27 16:21:24 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\SystemRequirementsLab
[2013/09/23 12:26:09 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\uTorrent
[2013/06/14 14:53:38 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\webex
[2013/05/18 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >
 
OTL Extras logfile created on: 10/3/2013 9:07:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\arg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.88 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 71.18% Memory free
15.75 Gb Paging File | 13.38 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.70 Gb Total Space | 135.98 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
 
Computer Name: ARG | User Name: arg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator
"%systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify" = %systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"1333:UDP:localsubnet:enabled:Password Policy Enforcer" = 1333:UDP:localsubnet:enabled:Password Policy Enforcer
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = c:\windows\firewall.log
"LogFileSize" = 4096
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet,10.1.0.0/21,172.20.0.0/16
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"%programfiles%\Messenger\msmsgs.exe:*:enabled:Messenger" = %programfiles%\Messenger\msmsgs.exe:*:enabled:Messenger
"%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator
"%systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify" = %systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled: Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled: Offer Remote Assistance
"%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance" = %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance" = 135:TCP:*:Enabled:Offer Remote Assistance
"2967:UDP:*:enabled:Symantec AV Rtvscan" = 2967:UDP:*:enabled:Symantec AV Rtvscan
"38293:UDP:*:enabled:Symantec AV LiveUpdate" = 38293:UDP:*:enabled:Symantec AV LiveUpdate
"1333:UDP:localsubnet:enabled:Password Policy Enforcer" = 1333:UDP:localsubnet:enabled:Password Policy Enforcer
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = c:\windows\firewall.log
"LogFileSize" = 4096
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator
"%systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify" = %systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"1333:UDP:localsubnet:enabled:Password Policy Enforcer" = 1333:UDP:localsubnet:enabled:Password Policy Enforcer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = c:\windows\firewall.log
"LogFileSize" = 4096
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet,10.1.0.0/21,172.20.0.0/16
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"%programfiles%\Messenger\msmsgs.exe:*:enabled:Messenger" = %programfiles%\Messenger\msmsgs.exe:*:enabled:Messenger
"%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator
"%systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify" = %systemdrive%\Clarify\eFrontOffice10.1.1\ClarifyClient\clarify.exe:*:enabled:Clarify
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled: Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled: Offer Remote Assistance
"%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance" = %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance" = 135:TCP:*:Enabled:Offer Remote Assistance
"2967:UDP:*:enabled:Symantec AV Rtvscan" = 2967:UDP:*:enabled:Symantec AV Rtvscan
"38293:UDP:*:enabled:Symantec AV LiveUpdate" = 38293:UDP:*:enabled:Symantec AV LiveUpdate
"1333:UDP:localsubnet:enabled:Password Policy Enforcer" = 1333:UDP:localsubnet:enabled:Password Policy Enforcer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = c:\windows\firewall.log
"LogFileSize" = 4096
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B7FB37E-8EF9-4AF3-8009-1ED580D2DB19}," = lport=3389 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104AFA5B-454D-48B4-A5C0-86584122A2B0}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |
"{11A9CFAB-C576-4411-88AA-4F95B7730A66}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |
"{19D0B929-0320-4796-AC62-572A0DF2CB7B}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |
"{4450DF7D-7033-4C2B-BDC6-B5865AAA3A59}" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |
"{508BD393-73BC-4BA5-BC03-A16FF8536CED}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{60398DDD-C2F9-4CAB-A9EB-43E2B19BD7F8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6DB9373E-0B2B-42D6-BAAB-1C2D9FD03D32}" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |
"{E3FA80C6-BC94-4976-9AE4-5C2913027C78}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E46FB5F7-EF26-4FDA-A01D-0CC66249F03A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E643C8C1-2E8B-4E97-80D9-8A9D19487525}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{02E458DC-36B2-47AD-8E20-840232BF4654}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{2C571B04-4C7C-4168-958E-2D6C6BC394FD}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{52053458-D910-41DA-A42E-3504562ADF3B}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |
"TCP Query User{77286718-53C1-4779-A57B-EC1F62763B51}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{81B909F0-6B4E-4B3B-BE0A-DBDEB87A5F89}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |
"UDP Query User{010BFD36-18DC-4CEF-9F92-A4DA6DE693B9}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{07076B4A-8E90-4FD9-8313-5739060EDE27}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |
"UDP Query User{1AC5ADE3-DB62-441A-A75D-8211AE468574}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |
"UDP Query User{69E6C105-7DAD-467D-8A44-B1088BBECAB7}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{6F7DDD8F-6A0E-4597-B5E6-0B5EDE028BD3}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2CDF9857-2CC5-423C-8415-F2D796517C7F}" = Dell ControlVault Host Components Installer 64 bit
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel® WiDi
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel® Network Connections 16.8.45.00
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DEFE980-DF48-477A-B6E4-D30CEA0D31EA}" = CREDANT Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client
"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87C925D6-F6BF-4FBD-840B-53BAE2648B7B}" = Symantec Endpoint Protection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{39E35753-DE4A-419C-AB3D-DE38058C3103}" =
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B5F5C3B8-2C08-4712-97AA-A68582A2D00B}" =
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}" = Dell Feature Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}" = SI TSS
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Greenshot_is1" = Greenshot 1.1.5.2643
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 16.8.45.00
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04566294-A6B6-4462-9721-031073EB3694}" = Dell Client System Update
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29466812-44FB-46B9-8D46-A9F45146EC99}" = Password Policy Client 7.01
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F53AC20-2D32-4341-9DA1-29DD40E2199E}" = TextPad 7
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}" = inSSIDer 3
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Dell Webcam Central" = Dell Webcam Central
"F5 Networks Client Components" = BIG-IP Edge Client Components (All Users)
"File Renamer - Basic" = File Renamer - Basic
"FileZilla Client" = FileZilla Client 3.7.3
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"OpenVPN" = OpenVPN 2.1_rc4
"PCDJ VJ" = PCDJ VJ
"Synergy" = Synergy
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1358060857-1380795615-1237804090-2007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/23/2013 10:45:56 AM | Computer Name = ARG.cbord.com | Source = Symantec AntiVirus | ID = 16711753
Description =       SONAR has generated an error: code 1: description: Heuristic Scan
or Load Failure
 
Error - 9/23/2013 10:50:06 AM | Computer Name = ARG.cbord.com | Source = SignInAssistant | ID = 0
Description =
 
Error - 9/23/2013 11:28:01 AM | Computer Name = ARG.cbord.com | Source = WinMgmt | ID = 10
Description =
 
Error - 9/23/2013 11:33:11 AM | Computer Name = ARG.cbord.com | Source = Symantec AntiVirus | ID = 16711753
Description =       SONAR has generated an error: code 1: description: Heuristic Scan
or Load Failure
 
Error - 9/23/2013 11:36:12 AM | Computer Name = ARG.cbord.com | Source = SignInAssistant | ID = 0
Description =
 
Error - 9/23/2013 11:41:45 AM | Computer Name = ARG.cbord.com | Source = Symantec AntiVirus | ID = 16711754
Description =       SONAR has generated an error: code 0: description: Definition Failure
 
Error - 9/23/2013 12:24:15 PM | Computer Name = ARG.cbord.com | Source = WinMgmt | ID = 10
Description =
 
Error - 9/23/2013 12:26:48 PM | Computer Name = ARG.cbord.com | Source = WinMgmt | ID = 10
Description =
 
Error - 9/23/2013 12:30:06 PM | Computer Name = ARG.cbord.com | Source = Symantec AntiVirus | ID = 16711753
Description =       SONAR has generated an error: code 1: description: Heuristic Scan
or Load Failure
 
Error - 9/23/2013 12:33:14 PM | Computer Name = ARG.cbord.com | Source = System Restore | ID = 8193
Description =
 
[ System Events ]
Error - 9/13/2013 8:54:27 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.
 
Error - 9/13/2013 10:00:45 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.
 
Error - 9/13/2013 10:00:45 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.
 
Error - 9/13/2013 11:55:39 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.
 
Error - 9/13/2013 11:55:39 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.
 
Error - 9/13/2013 1:55:41 PM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.
 
Error - 9/13/2013 1:55:41 PM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.
 
Error - 9/13/2013 3:55:43 PM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.
 
Error - 9/13/2013 3:55:43 PM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.
 
Error - 9/13/2013 5:55:45 PM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.
 
 
< End of report >
 

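As an added example (not part of the thread and not OTL's own code), the Python below parses the "Last 20 Event Log Errors" section of an OTL report in the format posted above, counts the entries by source and event ID, and flags the two patterns a helper would want to see at a glance: the Symantec SYMEVENT.SYS driver being refused at load time, which means SEP's real-time layer is not fully working, and the SONAR heuristic/definition failures. The sample report is constructed from the lines above.

```python
"""Triage the 'Last 20 Event Log Errors' section of an OTL report.

Added example for this thread; it is not OTL's code and not the poster's.
It parses the 'Error - <date> | Computer Name = X | Source = Y | ID = Z'
entries with their wrapped 'Description =' text, counts them by source/ID,
and flags the Symantec SYMEVENT.SYS driver being blocked from loading (so
SEP's real-time protection is degraded) and SONAR heuristic/definition errors.
"""
import re
from collections import Counter

ENTRY_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

# Constructed sample in the OTL report format shown in the thread above.
SAMPLE_REPORT = r"""[ Application Events ]
Error - 9/23/2013 10:45:56 AM | Computer Name = ARG.cbord.com | Source = Symantec AntiVirus | ID = 16711753
Description =       SONAR has generated an error: code 1: description: Heuristic Scan
or Load Failure

Error - 9/23/2013 11:28:01 AM | Computer Name = ARG.cbord.com | Source = WinMgmt | ID = 10
Description =

Error - 9/23/2013 11:41:45 AM | Computer Name = ARG.cbord.com | Source = Symantec AntiVirus | ID = 16711754
Description =       SONAR has generated an error: code 0: description: Definition Failure

[ System Events ]
Error - 9/13/2013 8:54:27 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.

Error - 9/13/2013 10:00:45 AM | Computer Name = ARG.cbord.com | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Symantec\SYMEVENT.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
 vendor for a compatible version of the driver.

< End of report >
"""


def parse_events(report: str) -> list[dict]:
    """Return one dict per 'Error - ...' entry; wrapped description lines are joined."""
    events, section, current = [], None, None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[ ") and line.endswith(" ]"):
            section, current = line[2:-2], None   # "[ System Events ]" -> "System Events"
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = {"section": section, **m.groupdict(), "description": ""}
            events.append(current)
            continue
        if not line:
            current = None                        # a blank line closes the entry
            continue
        if current is not None:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(events: list[dict]) -> tuple[Counter, list[str]]:
    """Count events by (source, ID) and flag the AV-integrity problems among them."""
    counts = Counter((e["source"], e["id"]) for e in events)
    findings = []
    for (source, eid), n in sorted(counts.items()):
        sample = next(e["description"] for e in events
                      if (e["source"], e["id"]) == (source, eid))
        if "has been blocked from loading" in sample and ".sys" in sample.lower():
            # Event ID 1060: a kernel driver was refused; for an AV driver this
            # means the product is running without its filter layer.
            path = sample.split(" has been")[0]
            findings.append(f"kernel driver blocked from loading ({n}x): {path}")
        elif "SONAR has generated an error" in sample:
            reason = sample.split("description: ")[-1]
            findings.append(f"SONAR error ({n}x): {reason}")
    return counts, findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_REPORT)
    counts, findings = triage(evs)
    for (src, eid), n in counts.most_common():
        print(f"{n:>3}  {src} / {eid}")
    for f in findings:
        print("FLAG:", f)
```

Pointing `parse_events` at the full report text instead of `SAMPLE_REPORT` gives the same breakdown for all twenty entries.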

Thanks!

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 3

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...s.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031}

    IE - HKU\S-1-5-21-1358060857-1380795615-1237804090-2007\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031}

    FF - prefs.js..browser.startup.homepage: "https://timesaver.adp.com/i17/hw1s/TS/login.php"

    FF - prefs.js..keyword.URL: "http://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031}&q="

    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""

    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""

    FF - prefs.js..browser.startup.homepage: "https://timesaver.adp.com/i17/hw1s/TS/login.php"

    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

    [2013/07/28 04:00:19 | 000,001,720 | ---- | M] () -- C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\searchplugins\sweetim.xml

    [2013/09/23 12:26:09 | 000,000,000 | ---D | M] -- C:\Users\arg\AppData\Roaming\uTorrent

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • OTL Fix log
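The OTL fix above strips search-hijack leftovers from the Firefox profile: a `keyword.URL` rewritten to point at start.sweetpacks.com, three `sweetim.toolbar.previous.*` preferences, and a `sweetim.xml` search plugin. The script below is an added example, not part of this thread and not one of the tools used in it; it shows how a defender can audit a `prefs.js` for the same indicators before deciding what to remove. It parses `user_pref(...)` lines and flags two things: preferences living in a known toolbar namespace, and search or startup preferences whose URL resolves to a host outside an allowlist. The sample `prefs.js` text, the `sweetim.` namespace prefix and the allowlist hosts (`example.org`, `mozilla.org`) are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Preferences a browser-search hijacker typically rewrites; the first three
# appear in the OTL fix above, the homepage is included because it is often
# redirected together with the search engine.
SEARCH_PREFS = {
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
}

# Toolbar namespaces that should not exist in a clean profile (assumed list).
TOOLBAR_PREFIXES = ("sweetim.",)

# Hosts the search/homepage prefs are allowed to point at (constructed).
ALLOWED_HOSTS = ("example.org", "mozilla.org")

# Matches: user_pref("name", value);
USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Constructed prefs.js content mirroring the entries seen in this thread.
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("keyword.URL", "http://start.sweetpacks.com/?src=2&st=12&q=");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("network.cookie.cookieBehavior", 0);
"""


def parse_prefs(text):
    """Return {name: value} for every user_pref line.

    String values have their surrounding quotes removed; numbers and
    booleans are kept as the raw text that appeared in the file.
    """
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything not a user_pref
        name, raw = m.groups()
        raw = raw.strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = raw
    return prefs


def host_allowed(host, allowed_hosts):
    """True if host equals or is a subdomain of an allowlisted host."""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def audit_prefs(prefs, allowed_hosts=ALLOWED_HOSTS,
                toolbar_prefixes=TOOLBAR_PREFIXES):
    """Return a list of (pref_name, value, reason) for suspicious entries."""
    findings = []
    for name, value in prefs.items():
        # 1. Leftover toolbar namespace: flag regardless of value, even "".
        if name.startswith(toolbar_prefixes):
            findings.append((name, value, "toolbar-namespace preference"))
            continue
        # 2. Search/startup pref whose URL points somewhere unexpected.
        if name in SEARCH_PREFS and "://" in value:
            host = (urlparse(value).hostname or "").lower()
            if not host_allowed(host, allowed_hosts):
                findings.append((name, value, f"unexpected host {host}"))
    return findings


if __name__ == "__main__":
    for name, value, reason in audit_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{reason}: {name} = {value!r}")
```

Run against the sample, the script reports the sweetpacks `keyword.URL` and the three `sweetim.*` entries, and leaves the allowlisted homepage and the unrelated cookie setting alone. On a real profile, feed it the contents of `prefs.js` (and `user.js`, which JRT also removed above) and tune the allowlist to the search engines the organization actually uses.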

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Professional x64
Ran by arg on Thu 10/03/2013 at  9:33:39.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1358060857-1380795615-1237804090-2007\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\user.js
Successfully deleted: [File] C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\extensions\staged
Successfully deleted the following from C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\prefs.js


user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

Emptied folder: C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\minidumps [42 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/03/2013 at  9:37:41.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v3.006 - Report created 03/10/2013 at 09:42:26
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : arg - ARG
# Running from : C:\Users\arg\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\arg\AppData\Roaming\Mozilla\Firefox\Profiles\x2rzjsox.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1148 octets] - [03/10/2013 09:40:05]
AdwCleaner[R1].txt - [880 octets] - [03/10/2013 09:42:10]
AdwCleaner[s0].txt - [1150 octets] - [03/10/2013 09:40:52]
AdwCleaner[s1].txt - [802 octets] - [03/10/2013 09:42:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [861 octets] ##########
 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-1358060857-1380795615-1237804090-2007\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "http://start.sweetpa...06.10045&barid={7E8E07B7-F654-11E2-8FF6-463500000031}&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "https://timesaver.ad...1s/TS/login.php" removed from browser.startup.homepage
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
File C:\Users\arg\AppData\Roaming\mozilla\firefox\profiles\x2rzjsox.default\searchplugins\sweetim.xml not found.
Folder C:\Users\arg\AppData\Roaming\uTorrent\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\arg\Desktop\cmd.bat deleted successfully.
C:\Users\arg\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 158616837 bytes
->Temporary Internet Files folder emptied: 12046933 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 598 bytes
 
User: All Users
 
User: arg
->Temp folder emptied: 2290709 bytes
->Temporary Internet Files folder emptied: 13208050 bytes
->Java cache emptied: 434559 bytes
->FireFox cache emptied: 31944550 bytes
->Flash cache emptied: 717 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: setup
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4206460 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43216639 bytes
RecycleBin emptied: 16450932 bytes
 
Total Files Cleaned = 269.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10032013_094912

Files\Folders moved on Reboot...
C:\Users\arg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\arg\AppData\Local\Temp\~DF36723F4D315EFDFA.TMP not found!
C:\Users\arg\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\wbxtra_10032013_094527.wbt moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
