
Advanced System Protector


  • This topic is locked
21 replies to this topic

#1 depogirl

  • Members
  • 124 posts
  • Gender:Male

Posted 13 August 2013 - 07:23 PM

Hi all, I tried to run a DDS and it provided me with a quick and lovely blue screen. I am pasting a Malwarebytes log I ran a few days ago and then cleared; the same things I cleaned came back. Does anyone have a suggestion on what I can run instead of DDS here? I don't really want to risk another blue screen. TIA! I need to get rid of this Advanced System Protector; it is causing issues.

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.05.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
KAXX :: WSN6 [administrator]

8/10/2013 3:58:03 PM
mbam-log-2013-08-10 (15-58-03).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 542991
Time elapsed: 1 hour(s), 57 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0} (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN61412412719412959&UM=2&ctid=CT3306058) Good: (http://www.google.com) -> No action taken.

Folders Detected: 10
C:\Users\KAXX\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images (PUP.Optional.VPLMedia.A) -> No action taken.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages (PUP.Optional.VPLMedia.A) -> No action taken.

Files Detected: 150
C:\Users\KAXX\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\playlist.vpl (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\config.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_193.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_199.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_200.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_201.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_204.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_221.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_224.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_28.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_34.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_37.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_49.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_57.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_86.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_99.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_103.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_11.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_120.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_121.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_122.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_123.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_124.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_125.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_126.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_127.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_136.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_137.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_140.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_141.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_149.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_150.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_160.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_165.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_181.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Roaming\player\images\channel_ld_191.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\AxInterop.WMPLib.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\ComponentFactory.Krypton.Toolkit.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\FileBrowser.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\Interop.WMPLib.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\libreria.ico (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\Newtonsoft.Json.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\UltraID3Lib.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\Uninstall.exe (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\uninstall.ico (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\VAFPlayer.exe (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\VAFPlayer.exe.config (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\VAFPlayer.InstallState (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\VAFUpdate.exe (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\wmp.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Estonian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Indonesian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Russian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Arabic.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Arabic.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Bulgarian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Bulgarian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Catalan.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Catalan.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Simplified).gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Simplified).ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Traditional).gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Traditional).ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Czech.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Czech.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Danish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Danish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Dutch.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Dutch.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\English.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\English.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Indonesian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Italian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Italian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Japanese.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Japanese.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Korean.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Korean.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Latvian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Latvian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Lithuanian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Lithuanian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Norwegian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Norwegian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Polish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Polish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Portuguese.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Portuguese.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Romanian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Romanian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Russian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovak.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovak.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovenian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovenian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Spanish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Spanish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Swedish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Swedish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Thai.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Thai.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Turkish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Turkish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Ukrainian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Ukrainian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Vietnamese.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Vietnamese.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Estonian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Finnish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Finnish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\French.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\French.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\German.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\German.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Greek.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Greek.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Haitian Creole.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Haitian Creole.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hebrew.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hebrew.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hindi.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hindi.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hungarian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hungarian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\KAXX\AppData\Local\Conduit\CT3298570\MixiDJ_V34AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IUZRJHR\Internet_Explorer_Setup.exe (PUP.Optional.IBryte.A) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\setup__155_20130710.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\ct3289847\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\ct3289847\ielogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\ct3289847\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\ct3298570\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\ct3298570\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\ct3298570\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\DIQM\Setup_151\setup__120.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\KAXX\AppData\Local\Temp\DIQM\Setup_151\software\Mixi Dj.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files\MixiDJ_V34\MixiDJ_V34ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Windows.old\Documents and Settings\KAXX\Local Settings\Temp\RegWork\AskInstallChecker-1.5.0.0.exe (PUP.Optional.AskToolbar) -> Quarantined and deleted successfully.

(end)

 

 




 


#2 depogirl
  • Topic Starter

  • Members
  • 124 posts
  • Gender:Male

Posted 13 August 2013 - 07:34 PM

Hi all, I managed to get a DDS log. Here it is; please respond with the next steps. Thank you!!

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/25/2012 3:33:07 PM
System Uptime: 8/13/2013 5:09:30 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0M858N
Processor: Intel® Core™2 Duo CPU     E7500  @ 2.93GHz | CPU | 2926/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 175.993 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP83: 7/19/2013 4:30:47 PM - Windows Update
RP84: 7/23/2013 3:00:12 AM - Windows Update
RP85: 7/30/2013 5:18:38 PM - Scheduled Checkpoint
RP86: 8/7/2013 12:00:02 AM - Scheduled Checkpoint
RP87: 8/10/2013 2:54:12 PM - Windows Update
RP88: 8/10/2013 3:24:38 PM - Windows Update
RP90: 8/10/2013 4:32:47 PM - Revo Uninstaller's restore point - Search Protect by conduit
RP92: 8/10/2013 4:34:54 PM - Revo Uninstaller's restore point - QuickShare
.
==== Installed Programs ======================
.
Adobe Acrobat  9 Standard - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
BlackBerry Desktop Software 7.1
E-Transcript Bundle Viewer
Extreme Flash Player
Files Access
GoToAssist Corporate
GroupWise
GroupWise Client - VC Runtimes (release)
Intel® Management Engine Interface
Intel® Active Management Technology
LexisNexis TextMap Exhibit Linker
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
NMAS Challenge Response Method
NMAS Client
Novell Client for Windows
Novell iPrint Client v05.90.00
Novell Messenger
PowerDVD DX
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Symantec Endpoint Protection
The Analyzer Workstation
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
VAFPlayer
ZENworks Desktop Management Agent
.
==== Event Viewer Messages From Past Week ========
.
8/13/2013 5:10:16 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  fcrt
8/13/2013 5:10:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xdf202038, 0x000000ff, 0x00000000, 0xc3b97a34). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081313-28875-01.
8/13/2013 3:45:58 PM, Error: Application Popup [877]  - There was error [DATABASE OPEN FAILED] processing the driver database.
8/13/2013 2:16:01 PM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/13/2013 2:16:01 PM, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error:  The service did not start due to a logon failure.
8/11/2013 2:59:34 PM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/11/2013 2:59:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/10/2013 3:27:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f020b: Dell Inc. - Bus Controllers and Ports, Display - Dell 1909W(Analog).
8/10/2013 2:45:28 PM, Error: Service Control Manager [7034]  - The FastFreeConverterUpdt service terminated unexpectedly.  It has done this 1 time(s).
8/10/2013 2:35:22 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 



#3 satchfan

  • Malware Response Team
  • 2,919 posts
  • Gender:Female
  • Location:Devon, UK

Posted 14 August 2013 - 05:46 AM

Hello depogirl and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
 

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 satchfan

  • Malware Response Team
  • 2,919 posts
  • Gender:Female
  • Location:Devon, UK

Posted 14 August 2013 - 06:03 AM

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop.

For 32-bit systems please use the above link.

64-bit systems download it from here

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

Logs to include in the next post:

RKreport.txt
AdwCleaner log
JRT.txt


Please also post the other DDS log – the one you sent was Attach.txt, but I would also like the other one that was produced, called DDS.txt.

Thanks

Satchfan


Edited by satchfan, 14 August 2013 - 06:03 AM.



#5 depogirl
  • Topic Starter

  • Members
  • 124 posts
  • Gender:Male

Posted 14 August 2013 - 10:18 AM

Thanks Satchfan, I will work on this today.



#6 depogirl
  • Topic Starter

  • Members
  • 124 posts
  • Gender:Male

Posted 14 August 2013 - 01:30 PM

Rogue killer:

 

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : kavedisian [Admin rights]
Mode : Scan -- Date : 08/14/2013 11:29:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : ShopAtHomeWatcher (C:\Users\kavedisian\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [x]) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.15.1:8080) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x82D1BDA1 -> HOOKED (Unknown @ 0x873F9D30)
[Address] SSDT[14] : NtAlertThread @ 0x82C6ECC7 -> HOOKED (Unknown @ 0x873F9E10)
[Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82C67CBC -> HOOKED (Unknown @ 0x873EEE30)
[Address] SSDT[22] : NtAlpcConnectPort @ 0x82CB356E -> HOOKED (Unknown @ 0x866FB790)
[Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82C3D0BE -> HOOKED (Unknown @ 0x873FAF10)
[Address] SSDT[74] : NtCreateMutant @ 0x82C4E34C -> HOOKED (Unknown @ 0x873F9A80)
[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82C3F9C6 -> HOOKED (Unknown @ 0x873FAC30)
[Address] SSDT[87] : NtCreateThread @ 0x82D19FDA -> HOOKED (Unknown @ 0x873EE2D8)
[Address] SSDT[88] : NtCreateThreadEx @ 0x82CAE49B -> HOOKED (Unknown @ 0x873FAD20)
[Address] SSDT[96] : NtDebugActiveProcess @ 0x82CEBEAA -> HOOKED (Unknown @ 0x873FAFD0)
[Address] SSDT[111] : NtDuplicateObject @ 0x82C6F761 -> HOOKED (Unknown @ 0x873EEFC0)
[Address] SSDT[131] : NtFreeVirtualMemory @ 0x82AF682C -> HOOKED (Unknown @ 0x873EEC48)
[Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82C33962 -> HOOKED (Unknown @ 0x873F9B70)
[Address] SSDT[147] : NtImpersonateThread @ 0x82CB7962 -> HOOKED (Unknown @ 0x873F9C50)
[Address] SSDT[155] : NtLoadDriver @ 0x82C03C32 -> HOOKED (Unknown @ 0x866E8808)
[Address] SSDT[168] : NtMapViewOfSection @ 0x82C845F1 -> HOOKED (Unknown @ 0x873EEB68)
[Address] SSDT[177] : NtOpenEvent @ 0x82C4DD48 -> HOOKED (Unknown @ 0x873F99A0)
[Address] SSDT[190] : NtOpenProcess @ 0x82C4FB93 -> HOOKED (Unknown @ 0x873F9368)
[Address] SSDT[191] : NtOpenProcessToken @ 0x82CA236F -> HOOKED (Unknown @ 0x873EEF00)
[Address] SSDT[194] : NtOpenSection @ 0x82CA79EB -> HOOKED (Unknown @ 0x873F97E0)
[Address] SSDT[198] : NtOpenThread @ 0x82C9C0EE -> HOOKED (Unknown @ 0x873F9298)
[Address] SSDT[215] : NtProtectVirtualMemory @ 0x82C80651 -> HOOKED (Unknown @ 0x873FAE20)
[Address] SSDT[304] : NtResumeThread @ 0x82CAE6C2 -> HOOKED (Unknown @ 0x873F9ED0)
[Address] SSDT[316] : NtSetContextThread @ 0x82D1B84D -> HOOKED (Unknown @ 0x873EE918)
[Address] SSDT[333] : NtSetInformationProcess @ 0x82C76875 -> HOOKED (Unknown @ 0x873EE9D8)
[Address] SSDT[350] : NtSetSystemInformation @ 0x82C8C37A -> HOOKED (Unknown @ 0x873F9698)
[Address] SSDT[366] : NtSuspendProcess @ 0x82D1BCDB -> HOOKED (Unknown @ 0x873F98C0)
[Address] SSDT[367] : NtSuspendThread @ 0x82CD319B -> HOOKED (Unknown @ 0x873F9F90)
[Address] SSDT[370] : NtTerminateProcess @ 0x82C98D86 -> HOOKED (Unknown @ 0x873EE3B8)
[Address] SSDT[371] : NtTerminateThread @ 0x82CB669B -> HOOKED (Unknown @ 0x873EE858)
[Address] SSDT[385] : NtUnmapViewOfSection @ 0x82CA29AA -> HOOKED (Unknown @ 0x873EEAA8)
[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82C9DA83 -> HOOKED (Unknown @ 0x873EED18)
[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x86492E30)
[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x86541C98)
[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x87514718)
[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8750F4D8)
[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x864CF310)
[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x87511938)
[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x8642AA78)
[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x875119C8)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8750C288)
[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x864D9058)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 ATA Device +++++
--- User ---
[MBR] 5bf036f086295573c5c85c7e4d9e18a4
[BSP] e7a4d88e39462edee4d9ce59ade9badd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 238377 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08142013_112908.txt >>

 

 

 

 



#7 depogirl


Posted 14 August 2013 - 01:42 PM

ADW

***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\Program Files\Advanced System Protector
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Users\kavedisian\AppData\Local\Conduit
Folder Deleted : C:\Users\kavedisian\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\kavedisian\AppData\Local\SearchProtect
Folder Deleted : C:\Users\KAVEDI~1\AppData\Local\Temp\CT3306058
Folder Deleted : C:\Users\KAVEDI~1\AppData\Local\Temp\CT3298570
Folder Deleted : C:\Users\KAVEDI~1\AppData\Local\Temp\CT3289847
Folder Deleted : C:\Users\kavedisian\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\kavedisian\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\kavedisian\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\kavedisian\AppData\Roaming\Systweak
Folder Deleted : C:\Users\kavedisian\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\setupws\AppData\Roaming\Systweak
Folder Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\jetpack
Folder Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\CT3306058
Folder Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\CT3298570
Folder Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\CT3289847
File Deleted : C:\END
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Windows\System32\Tasks\BrowserProtect
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5CB385F-EB22-4938-8B35-F7C78C6AF74F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5CB385F-EB22-4938-8B35-F7C78C6AF74F}
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKCU\Software\53ed68ce73ceb41
Key Deleted : HKLM\SOFTWARE\53ed68ce73ceb41
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7645B6B-5AF4-48E8-A2EF-A520C616FA37}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CEB6EE32-8BFD-40D1-8CE9-1D09C82616F7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{232C7B23-87F2-47FF-89D0-3B31E3A8A29A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2FBC2440-C385-4EDF-8B7E-6755BC6BAD39}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{08A415D2-076A-4CFC-BA5F-EB78188B7A11}
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5zInstaller.Start
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5zInstaller.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{164af01d-35f6-495e-89b4-5b5e98add48a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{164af01d-35f6-495e-89b4-5b5e98add48a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{164af01d-35f6-495e-89b4-5b5e98add48a}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16635
Setting Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Setting Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] -
-\\ Mozilla Firefox v14.0.1 (en-US)
Folder Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\Extensions\plugin@yontoo.com
Folder Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\Extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5}
Folder Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\Extensions\{55b95864-3251-45e9-bb30-1a82589aaff1}
Folder Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
File Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\searchplugins\Babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\searchplugins\Conduit.xml
File Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\searchplugins\delta.xml
File Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\bprotector_extensions.sqlite
File Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\bprotector_prefs.js
File Deleted : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\user.js
[ File : C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\prefs.js ]
Line Deleted : user_pref("CT3289847.FF19Solved", "true");
Line Deleted : user_pref("CT3289847.UserID", "UN41371870421890214");
Line Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289847.fullUserID", "UN41371870421890214.IN.20130723121842");
Line Deleted : user_pref("CT3289847.installDate", "23/07/2013 12:18:41");
Line Deleted : user_pref("CT3289847.installSessionId", "{E84A54F7-6C48-4517-A097-E242345BD3C7}");
Line Deleted : user_pref("CT3289847.installSp", "false");
Line Deleted : user_pref("CT3289847.installerVersion", "1.5.4.4");
Line Deleted : user_pref("CT3289847.keyword", "true");
Line Deleted : user_pref("CT3289847.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298570&octid=CT3298570&S[...]
Line Deleted : user_pref("CT3289847.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT32[...]
Line Deleted : user_pref("CT3289847.originalSearchEngine", "MixiDJ V34 Customized Web Search");
Line Deleted : user_pref("CT3289847.originalSearchEngineName", "");
Line Deleted : user_pref("CT3289847.searchRevert", "true");
Line Deleted : user_pref("CT3289847.searchUserMode", "2");
Line Deleted : user_pref("CT3289847.smartbar.homepage", "true");
Line Deleted : user_pref("CT3289847.versionFromInstaller", "10.16.70.5");
Line Deleted : user_pref("CT3289847.xpeMode", "0");
Line Deleted : user_pref("CT3298570.FF19Solved", "true");
Line Deleted : user_pref("CT3298570.UserID", "UN11975054772437616");
Line Deleted : user_pref("CT3298570.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298570.fullUserID", "UN11975054772437616.IN.20130719081337");
Line Deleted : user_pref("CT3298570.installDate", "19/07/2013 08:13:37");
Line Deleted : user_pref("CT3298570.installSessionId", "{2101BF17-E973-44AE-901B-FFE0BA2CF686}");
Line Deleted : user_pref("CT3298570.installSp", "TRUE");
Line Deleted : user_pref("CT3298570.installerVersion", "1.5.4.4");
Line Deleted : user_pref("CT3298570.keyword", "true");
Line Deleted : user_pref("CT3298570.originalHomepage", "hxxp://www.delta-search.com/?affID=119776&tt=100313_9111pl&[...]
Line Deleted : user_pref("CT3298570.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3298570.originalSearchEngine", "Delta Search");
Line Deleted : user_pref("CT3298570.originalSearchEngineName", "");
Line Deleted : user_pref("CT3298570.searchRevert", "false");
Line Deleted : user_pref("CT3298570.searchUserMode", "2");
Line Deleted : user_pref("CT3298570.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298570.versionFromInstaller", "10.16.4.19");
Line Deleted : user_pref("CT3298570.xpeMode", "0");
Line Deleted : user_pref("CT3306058.FF19Solved", "true");
Line Deleted : user_pref("CT3306058.UserID", "UN31514710943124014");
Line Deleted : user_pref("CT3306058.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT3306058.autoDisableScopes", 0);
Line Deleted : user_pref("CT3306058.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306058.defaultSearchXPETakeover", "true");
Line Deleted : user_pref("CT3306058.fullUserID", "UN31514710943124014.IN.20130810162848");
Line Deleted : user_pref("CT3306058.installDate", "10/08/2013 16:28:48");
Line Deleted : user_pref("CT3306058.installSessionId", "{E5365804-7360-4AC8-9A8B-D4AEEBA7F3BA}");
Line Deleted : user_pref("CT3306058.installSp", "TRUE");
Line Deleted : user_pref("CT3306058.installerVersion", "1.5.4.5");



#8 depogirl


Posted 14 August 2013 - 01:46 PM

I am unable to run the junkware removal tool and the computer did not reboot after ADW cleaner - can you suggest another program other than the junkware - I can't get it through the firewall



#9 depogirl


Posted 14 August 2013 - 02:01 PM

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Windows 7 Professional x86
Ran by kavedisian on Wed 08/14/2013 at 11:54:55.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\whitesmoke_new
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3196716
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298570
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3306058
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\kavedisian\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\kavedisian\appdata\locallow\whitesmoke_new"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"

 

~~~ FireFox

Successfully deleted: [Folder] C:\Users\kavedisian\AppData\Roaming\mozilla\firefox\profiles\u61p5o82.default\extensions\staged
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}
Successfully deleted the following from C:\Users\kavedisian\AppData\Roaming\mozilla\firefox\profiles\u61p5o82.default\prefs.js

user_pref("id_couponscom.variables.Var1", "hxxp%3A//cdn.coupons.com/couponbar.coupons.com");
user_pref("id_couponscom.variables.Var2", "hxxp%3A//couponbar.coupons.com");
user_pref("id_couponscom.variables.Var3", "hxxp%3A//www.coupons.com/coupon-codes/");

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/14/2013 at 11:58:27.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 depogirl


Posted 14 August 2013 - 02:13 PM

DDS Text (ran last) looking forward to the next steps... I do see the icon has disappeared but I have not restarted, please advise

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16635
Run by kavedisian at 12:10:01 on 2013-08-14
#Option MBR scan  is disabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3292.2031 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
C:\Windows\system32\iprntsrv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\Novell\XTAgent.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uProxyServer = 192.168.15.1:8080
uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ips\IPSBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -
uRun: [Novell Messenger] "c:\program files\novell\messenger\NMCL32.exe"
mRun: [NWTRAY] NWTRAY.EXE
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [ShopAtHomeWatcher] c:\users\kavedisian\appdata\roaming\shopathome\shopathomehelper\ShopAtHomeWatcher.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\applic~1.lnk - c:\program files\novell\zenworks\NalView.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\progra~1\novell\messen~1\NMCL32.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
TCP: NameServer = 192.168.15.2
TCP: Interfaces\{493139D8-9CA8-4053-8684-BAC9BC9BC33D} : DHCPNameServer = 192.168.15.2
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1101.401.105\bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
SEH: Application Explorer - {763370C4-268E-4308-A60C-D8DA0342BE32} - c:\program files\novell\zenworks\NalShell.dll
LSA: Authentication Packages =  msv1_0 ncv1_0
LSA: Notification Packages =  scecli iPrntWinCredMan
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kavedisian\appdata\roaming\mozilla\firefox\profiles\u61p5o82.default\
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\couponxplorer_5zei\installr\1.bin\NP5zEISb.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npnipp.dll
FF - plugin: c:\windows\system32\npnisp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\drivers\ncfilter.sys [2012-7-13 91776]
R0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\drivers\ncrecognizer.sys [2012-7-13 111232]
R0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\drivers\ncuncfilter.sys [2012-7-13 22656]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymDS.sys [2012-11-3 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymEFA.sys [2012-11-3 927904]
R1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\bashdefs\20130716.011\BHDrvx86.sys [2013-7-24 1002072]
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\ccSetx86.sys [2012-11-3 134304]
R1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs\20130813.011\IDSvix86.sys [2013-8-13 386720]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2012-8-25 41016]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\Ironx86.sys [2012-11-3 175264]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\symnets.sys [2012-11-3 338592]
R2 iprntsrv;Novell iPrint Service;c:\windows\system32\iprntsrv.exe [2012-8-25 57344]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-8-25 47640]
R2 NCFSD;Novell Client File System Redirector;c:\program files\novell\client\xtier\drivers\ncfsd.sys [2012-7-13 91264]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\novell\client\xtier\drivers\ncioctl.sys [2012-7-13 61568]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ccSvcHst.exe [2012-11-3 143928]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2013-8-5 2066968]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2007-1-10 61440]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\novell\client\xtier\services\xtsvcmgr.exe [2011-11-27 17024]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2009-11-6 214696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-13 106656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-10 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\SyDvCtrl32.sys [2012-11-3 28136]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-10 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-26 1343400]
.
=============== Created Last 30 ================
.
2013-08-14 18:54:52 -------- d-----w- c:\windows\ERUNT
2013-08-14 18:32:41 -------- dc----w- C:\AdwCleaner
2013-08-14 17:48:06 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 17:47:43 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-10 23:30:57 -------- d-----w- c:\program files\VS Revo Group
2013-08-10 22:27:58 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-08-10 22:26:00 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-08-10 22:26:00 247808 ----a-w- c:\windows\system32\schannel.dll
2013-08-10 22:26:00 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-08-10 22:26:00 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-08-10 21:58:11 -------- d-----w- c:\windows\system32\MRT
2013-08-05 19:26:19 -------- d-----w- c:\program files\common files\postureAgent
2013-08-05 19:26:18 1006104 ----a-w- c:\windows\system32\mesoludlg.exe
2013-08-05 19:26:15 -------- d-----w- c:\program files\common files\Intel
2013-07-19 15:41:42 -------- d-----w- c:\program files\Uninstaller
2013-07-19 15:28:50 -------- d-----w- c:\users\kavedisian\appdata\roaming\player
2013-07-19 15:28:50 -------- d-----w- c:\program files\Tuguu SL
2013-07-19 15:21:25 -------- d-----w- c:\program files\Files Access
2013-07-19 15:18:55 -------- d-----w- c:\program files\Extreme Flash Player
.
==================== Find3M  ====================
.
2013-08-05 19:40:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-05 19:40:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-05 19:17:39 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-08-05 19:17:39 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-08-05 19:17:38 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-08-05 19:17:38 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53:07 509440 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 12:10:35.28 ===============

 



#11 satchfan

  • Malware Response Team

Posted 14 August 2013 - 04:55 PM

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select 'Run as Administrator'
  • after it has completed its prescan, click on the “Registry” tab
  • make sure these entries are checked, then click on Delete:

[RUN][SUSP PATH] HKLM\[...]\Run : ShopAtHomeWatcher (C:\Users\kavedisian\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [x]) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.15.1:8080) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
 

  • Please include the Delete log in your next post.

===================================================

Download and run OTL
     
  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT

     

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.

===================================================

Run aswMBR
 

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply.

Logs to include with next post:

RogueKiller Delete log
OTL.txt
Extras.txt
aswMBR log

 

Thanks

Satchfan

 




#12 depogirl

  • Topic Starter

Posted 14 August 2013 - 05:37 PM

ugh unfortunately it rebooted ok - we will re run these give me a few thanks



#13 depogirl

  • Topic Starter

Posted 14 August 2013 - 05:45 PM

I checked and there were no entries in the registry file after the pre scan. I will continue with the next steps.



#14 depogirl

  • Topic Starter

Posted 14 August 2013 - 06:16 PM

OTL 1:

 

OTL logfile created on: 8/14/2013 3:59:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kavedisian\Desktop\Karmen Clean up 8.14.2013
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.21 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 53.58% Memory free
6.43 Gb Paging File | 5.17 Gb Available in Paging File | 80.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 179.32 Gb Free Space | 77.03% Space Free | Partition Type: NTFS
 
Computer Name: WSN6 | User Name: kavedisian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/14 15:49:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kavedisian\Desktop\Karmen Clean up 8.14.2013\OTL.exe
PRC - [2013/08/05 12:40:26 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/08/05 12:18:16 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/08/05 12:17:38 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/04/22 21:25:02 | 000,071,960 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntlgn.exe
PRC - [2013/04/22 21:25:02 | 000,067,864 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntctl.exe
PRC - [2013/04/22 19:06:24 | 000,057,344 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntsrv.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/03 07:22:24 | 001,785,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
PRC - [2012/11/03 07:22:22 | 000,143,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
PRC - [2012/07/13 16:49:06 | 000,034,944 | ---- | M] () -- C:\Windows\System32\nwtray.exe
PRC - [2012/07/13 16:49:06 | 000,017,024 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/07 15:33:54 | 001,433,675 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Messenger\NMCL32.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:32 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
PRC - [2009/07/21 14:40:56 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/21 14:40:52 | 000,796,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2009/07/21 14:40:50 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/07/13 18:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/01/10 11:52:02 | 000,061,440 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\novell\xtagent.exe
PRC - [2006/06/13 06:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/22 08:00:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/22 08:00:28 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/22 07:59:58 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/22 07:59:53 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/22 07:59:49 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/22 07:59:21 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/07/13 16:49:06 | 000,909,440 | ---- | M] () -- C:\Windows\System32\ncnetprovider.dll
MOD - [2012/07/13 16:49:06 | 000,230,528 | ---- | M] () -- C:\Windows\System32\nwshlxnt.dll
MOD - [2012/07/13 16:49:06 | 000,156,800 | ---- | M] () -- C:\Windows\System32\mapbase.dll
MOD - [2012/07/13 16:49:06 | 000,034,944 | ---- | M] () -- C:\Windows\System32\nwtray.exe
MOD - [2012/07/13 16:49:04 | 000,092,800 | ---- | M] () -- C:\Windows\System32\nclangid.dll
MOD - [2012/07/13 16:05:50 | 000,488,448 | ---- | M] () -- C:\Windows\System32\nls\english\ncnetproviderr.dll
MOD - [2012/07/13 16:04:28 | 000,101,376 | ---- | M] () -- C:\Windows\System32\nls\english\nwshlxntr.dll
MOD - [2012/07/13 16:03:32 | 000,086,016 | ---- | M] () -- C:\Windows\System32\nls\english\mapbaser.dll
MOD - [2012/07/13 15:58:44 | 000,015,872 | ---- | M] () -- C:\Windows\System32\nls\english\nclangidr.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/08/05 12:40:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/05 12:18:16 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/08/05 12:17:38 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/22 19:06:24 | 000,057,344 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Windows\System32\iprntsrv.exe -- (iprntsrv)
SRV - [2012/11/03 07:22:24 | 001,785,792 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe -- (SmcService)
SRV - [2012/11/03 07:22:24 | 000,288,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\snac.exe -- (SNAC)
SRV - [2012/11/03 07:22:22 | 000,143,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2012/08/28 18:10:38 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/08/26 00:18:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/08/25 17:01:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 16:49:06 | 000,017,024 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/07/21 14:40:56 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/21 14:40:50 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/01/10 11:52:02 | 000,061,440 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Windows\System32\novell\xtagent.exe -- (XTAgent)
SRV - [2006/06/13 06:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\drfemvu.sys -- (fcrt)
DRV - [2013/08/05 12:18:14 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/08/05 12:17:39 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/08/05 07:40:33 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130814.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/05 07:40:32 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/05 07:40:32 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130814.002\NAVENG.SYS -- (NAVENG)
DRV - [2013/07/08 08:06:27 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130813.011\IDSvix86.sys -- (IDSVix86)
DRV - [2013/05/31 10:00:17 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130716.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/04/22 21:25:04 | 000,041,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2013/03/29 12:49:25 | 000,111,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2013/03/29 11:11:51 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/03/25 08:40:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/11/03 07:22:26 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2012/11/03 07:22:26 | 000,585,888 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\srtsp.sys -- (SRTSP)
DRV - [2012/11/03 07:22:26 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys -- (SymDS)
DRV - [2012/11/03 07:22:26 | 000,338,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\symnets.sys -- (SYMNETS)
DRV - [2012/11/03 07:22:26 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2012/11/03 07:22:26 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys -- (ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A})
DRV - [2012/11/03 07:22:26 | 000,075,528 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
DRV - [2012/11/03 07:22:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2012/11/03 07:22:24 | 000,028,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)
DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 07:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/16 13:32:46 | 000,074,368 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys -- (ncpfsp)
DRV - [2012/07/13 16:49:06 | 000,111,232 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncrecognizer.sys -- (NCRecognizer)
DRV - [2012/07/13 16:49:06 | 000,096,896 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nds4.sys -- (nds4)
DRV - [2012/07/13 16:49:06 | 000,091,776 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncfilter.sys -- (NCFilter)
DRV - [2012/07/13 16:49:06 | 000,091,264 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV - [2012/07/13 16:49:06 | 000,066,176 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys -- (ndmndap)
DRV - [2012/07/13 16:49:06 | 000,065,152 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys -- (nciom)
DRV - [2012/07/13 16:49:06 | 000,064,128 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys -- (ncp)
DRV - [2012/07/13 16:49:06 | 000,061,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV - [2012/07/13 16:49:06 | 000,045,696 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys -- (nipctl)
DRV - [2012/07/13 16:49:06 | 000,045,184 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys -- (xtxplat)
DRV - [2012/07/13 16:49:06 | 000,041,088 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys -- (ncpl)
DRV - [2012/07/13 16:49:06 | 000,030,848 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\niam.sys -- (niam)
DRV - [2012/07/13 16:49:06 | 000,028,800 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys -- (nsvccost)
DRV - [2012/07/13 16:49:06 | 000,028,800 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys -- (nscm)
DRV - [2012/07/13 16:49:06 | 000,027,264 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2012/07/13 16:49:06 | 000,026,752 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys -- (nccache)
DRV - [2012/07/13 16:49:06 | 000,022,656 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncuncfilter.sys -- (NCUncFilter)
DRV - [2012/07/13 16:49:06 | 000,022,144 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys -- (nsns)
DRV - [2012/07/13 16:49:06 | 000,018,560 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys -- (ndm)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/06 01:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/23 15:28:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS504
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.15.1:8080
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@ei.CouponXplorer_5z.com/Plugin: C:\Program Files\CouponXplorer_5zEI\Installr\1.bin\NP5zEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@novell.com/iPrint: C:\Windows\system32 [2013/08/14 15:46:09 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFFPlgn\ [2013/03/29 12:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/05 12:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/05 12:31:18 | 000,000,000 | ---D | M]
 
[2012/08/25 19:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kavedisian\AppData\Roaming\Mozilla\Extensions
[2013/08/14 11:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\extensions
[2013/01/30 11:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\extensions\clickmoviedownloader@clickmoviedownloader.com.xpi
[2012/08/25 19:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/25 19:24:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\COUPONS.COM COUPONBAR\FIREFOX\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\COUPONS.COM.XPI
File not found (No name found) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1095.52\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\KAVEDISIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U61P5O82.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
File not found (No name found) -- C:\USERS\KAVEDISIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U61P5O82.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:39:38 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/07/13 17:16:36 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/07/13 17:16:36 | 000,003,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/07/13 17:16:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/07/13 17:16:36 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\Windows\System32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\Windows\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\kavedisian\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe File not found
O4 - HKCU..\Run: [Novell Messenger] C:\Program Files\Novell\Messenger\NMCL32.exe (Novell, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Program Files\Novell\Messenger\NMCL32.exe (Novell, Inc.)
O9 - Extra 'Tools' menuitem : Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Program Files\Novell\Messenger\NMCL32.exe (Novell, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: att.net ([loginprodx] https in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([login] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([att.my] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{493139D8-9CA8-4053-8684-BAC9BC9BC33D}: DhcpNameServer = 192.168.15.2
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\Windows\system32\Novell\XtNotify.dll) - C:\Windows\System32\novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bak -- [ NTFS ]
O32 - AutoRun File - [2012/08/25 17:36:00 | 000,000,083 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/14 13:11:12 | 000,000,000 | ---D | C] -- C:\Users\kavedisian\Desktop\Karmen Clean up 8.14.2013
[2013/08/14 11:54:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/14 11:32:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/14 10:48:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/10 16:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/08/10 15:28:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013/08/10 15:28:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013/08/10 15:28:15 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013/08/10 15:28:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013/08/10 15:28:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013/08/10 15:28:14 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013/08/10 15:28:14 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013/08/10 15:28:14 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/08/10 15:28:14 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013/08/10 15:28:14 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013/08/10 15:28:14 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013/08/10 15:28:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013/08/10 15:28:14 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/08/10 15:28:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013/08/10 15:28:14 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013/08/10 15:27:58 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/08/10 14:58:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/05 12:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2013/08/05 12:26:18 | 001,006,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mesoludlg.exe
[2013/08/05 12:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Management and Security
[2013/08/05 12:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/07/19 08:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/07/19 08:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2013/07/19 08:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013/07/19 08:28:50 | 000,000,000 | ---D | C] -- C:\Users\kavedisian\AppData\Roaming\player
[2013/07/19 08:27:16 | 000,000,000 | ---D | C] -- C:\Users\kavedisian\Documents\PC Speed Boost
[2013/07/19 08:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/07/19 08:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Files Access
[2013/07/19 08:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Extreme Flash Player
[2013/07/18 12:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2008/03/19 17:04:30 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Users\kavedisian\AppData\Roaming\foxtools.fll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\kavedisian\Documents\*.tmp files -> C:\Users\kavedisian\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/14 15:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/14 14:39:41 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 14:39:41 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 14:36:45 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/14 14:36:45 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/14 14:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/14 14:32:14 | 2588,626,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/14 11:26:28 | 000,920,576 | ---- | M] () -- C:\Users\kavedisian\Desktop\RogueKiller.exe
[2013/08/14 09:09:06 | 000,029,896 | ---- | M] () -- C:\Users\kavedisian\Documents\TM client list.pdf
[2013/08/13 17:09:53 | 401,757,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/13 12:45:12 | 000,035,784 | ---- | M] () -- C:\Users\kavedisian\Documents\8-14 calendar.pdf
[2013/08/13 11:48:31 | 000,030,507 | ---- | M] () -- C:\Users\kavedisian\Documents\19119.pdf
[2013/08/09 14:36:16 | 000,022,493 | ---- | M] () -- C:\Users\kavedisian\Documents\8-12 calendar.pdf
[2013/08/09 12:25:50 | 000,279,375 | ---- | M] () -- C:\Users\kavedisian\Documents\Aging as of 8-9-13.pdf
[2013/08/09 11:48:28 | 000,032,260 | ---- | M] () -- C:\Users\kavedisian\Documents\Foley Europe depo invoices.pdf
[2013/08/08 16:34:13 | 000,030,339 | ---- | M] () -- C:\Users\kavedisian\Documents\18871.pdf
[2013/08/08 14:57:57 | 000,033,330 | ---- | M] () -- C:\Users\kavedisian\Documents\8-9 calendar.pdf
[2013/08/07 16:05:04 | 000,021,724 | ---- | M] () -- C:\Users\kavedisian\Documents\8-8 calendar.pdf
[2013/08/07 10:38:56 | 000,030,410 | ---- | M] () -- C:\Users\kavedisian\Documents\19206.pdf
[2013/08/07 09:52:16 | 000,091,917 | ---- | M] () -- C:\Users\kavedisian\Documents\Billing for July 2013.pdf
[2013/08/06 13:58:15 | 000,035,696 | ---- | M] () -- C:\Users\kavedisian\Documents\8-7 calendar.pdf
[2013/08/06 10:47:40 | 000,028,199 | ---- | M] () -- C:\Users\kavedisian\Documents\19097.pdf
[2013/08/06 10:45:58 | 000,031,940 | ---- | M] () -- C:\Users\kavedisian\Documents\Exmark state.pdf
[2013/08/06 09:19:43 | 000,027,253 | ---- | M] () -- C:\Users\kavedisian\Documents\calrep.pdf
[2013/08/05 15:45:48 | 000,058,737 | ---- | M] () -- C:\Users\kavedisian\Documents\TM calendar.pdf
[2013/08/05 12:40:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/05 12:40:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/05 12:17:39 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2013/08/05 12:17:38 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2013/08/05 12:17:38 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2013/08/01 15:52:01 | 000,032,213 | ---- | M] () -- C:\Users\kavedisian\Documents\Atkinson as of 8-1-13.pdf
[2013/08/01 10:52:10 | 000,071,197 | ---- | M] () -- C:\Users\kavedisian\Documents\Aging for all of Foley Offices.pdf
[2013/08/01 10:51:25 | 000,031,604 | ---- | M] () -- C:\Users\kavedisian\Documents\Europ Deposition Aging.pdf
[2013/08/01 10:50:14 | 000,304,895 | ---- | M] () -- C:\Users\kavedisian\Documents\Aging for July 2013.pdf
[2013/07/31 16:46:01 | 000,186,451 | ---- | M] () -- C:\Users\kavedisian\Documents\Cash rec. for July 2013.pdf
[2013/07/30 09:41:07 | 000,032,214 | ---- | M] () -- C:\Users\kavedisian\Documents\Atkinson as of 7-30-13.pdf
[2013/07/24 10:01:43 | 000,032,946 | ---- | M] () -- C:\Users\kavedisian\Documents\calendar.pdf
[2013/07/22 15:45:30 | 000,626,620 | ---- | M] () -- C:\Users\kavedisian\Documents\Firm Listing.pdf
[2013/07/22 14:09:38 | 000,007,916 | ---- | M] () -- C:\Users\kavedisian\Documents\LL calendar up to 8-5-13.pdf
[2013/07/19 08:18:58 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Extreme Flash Player.lnk
[2013/07/18 18:41:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/07/18 13:39:32 | 000,023,433 | ---- | M] () -- C:\Users\kavedisian\Documents\Billing for 6 months.pdf
[2013/07/18 13:38:40 | 000,166,436 | ---- | M] () -- C:\Users\kavedisian\Documents\Clinton jobs that billed in 6 months.pdf
[2013/07/16 14:50:11 | 000,018,491 | ---- | M] () -- C:\Users\kavedisian\Documents\BS 5-31.pdf
[2013/07/16 08:35:18 | 000,032,036 | ---- | M] () -- C:\Users\kavedisian\Documents\Foley Europe invoices.pdf
[2013/07/16 08:32:07 | 000,024,008 | ---- | M] () -- C:\Users\kavedisian\Documents\Foley LA as of 7-16.pdf
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\kavedisian\Documents\*.tmp files -> C:\Users\kavedisian\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/14 11:26:28 | 000,920,576 | ---- | C] () -- C:\Users\kavedisian\Desktop\RogueKiller.exe
[2013/08/14 09:09:06 | 000,029,896 | ---- | C] () -- C:\Users\kavedisian\Documents\TM client list.pdf
[2013/08/13 12:45:12 | 000,035,784 | ---- | C] () -- C:\Users\kavedisian\Documents\8-14 calendar.pdf
[2013/08/13 11:48:31 | 000,030,507 | ---- | C] () -- C:\Users\kavedisian\Documents\19119.pdf
[2013/08/09 14:36:16 | 000,022,493 | ---- | C] () -- C:\Users\kavedisian\Documents\8-12 calendar.pdf
[2013/08/09 12:25:50 | 000,279,375 | ---- | C] () -- C:\Users\kavedisian\Documents\Aging as of 8-9-13.pdf
[2013/08/09 11:48:28 | 000,032,260 | ---- | C] () -- C:\Users\kavedisian\Documents\Foley Europe depo invoices.pdf
[2013/08/08 16:34:13 | 000,030,339 | ---- | C] () -- C:\Users\kavedisian\Documents\18871.pdf
[2013/08/08 14:57:57 | 000,033,330 | ---- | C] () -- C:\Users\kavedisian\Documents\8-9 calendar.pdf
[2013/08/07 16:05:04 | 000,021,724 | ---- | C] () -- C:\Users\kavedisian\Documents\8-8 calendar.pdf
[2013/08/07 10:38:56 | 000,030,410 | ---- | C] () -- C:\Users\kavedisian\Documents\19206.pdf
[2013/08/07 09:52:16 | 000,091,917 | ---- | C] () -- C:\Users\kavedisian\Documents\Billing for July 2013.pdf
[2013/08/06 13:58:15 | 000,035,696 | ---- | C] () -- C:\Users\kavedisian\Documents\8-7 calendar.pdf
[2013/08/06 10:47:40 | 000,028,199 | ---- | C] () -- C:\Users\kavedisian\Documents\19097.pdf
[2013/08/06 10:45:58 | 000,031,940 | ---- | C] () -- C:\Users\kavedisian\Documents\Exmark state.pdf
[2013/08/06 09:19:43 | 000,027,253 | ---- | C] () -- C:\Users\kavedisian\Documents\calrep.pdf
[2013/08/05 15:45:48 | 000,058,737 | ---- | C] () -- C:\Users\kavedisian\Documents\TM calendar.pdf
[2013/08/01 15:52:01 | 000,032,213 | ---- | C] () -- C:\Users\kavedisian\Documents\Atkinson as of 8-1-13.pdf
[2013/08/01 10:52:10 | 000,071,197 | ---- | C] () -- C:\Users\kavedisian\Documents\Aging for all of Foley Offices.pdf
[2013/08/01 10:51:25 | 000,031,604 | ---- | C] () -- C:\Users\kavedisian\Documents\Europ Deposition Aging.pdf
[2013/08/01 10:50:14 | 000,304,895 | ---- | C] () -- C:\Users\kavedisian\Documents\Aging for July 2013.pdf
[2013/07/31 16:46:01 | 000,186,451 | ---- | C] () -- C:\Users\kavedisian\Documents\Cash rec. for July 2013.pdf
[2013/07/30 09:41:07 | 000,032,214 | ---- | C] () -- C:\Users\kavedisian\Documents\Atkinson as of 7-30-13.pdf
[2013/07/24 10:01:43 | 000,032,946 | ---- | C] () -- C:\Users\kavedisian\Documents\calendar.pdf
[2013/07/22 15:45:30 | 000,626,620 | ---- | C] () -- C:\Users\kavedisian\Documents\Firm Listing.pdf
[2013/07/22 14:09:38 | 000,007,916 | ---- | C] () -- C:\Users\kavedisian\Documents\LL calendar up to 8-5-13.pdf
[2013/07/19 08:18:58 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Extreme Flash Player.lnk
[2013/07/18 13:39:32 | 000,023,433 | ---- | C] () -- C:\Users\kavedisian\Documents\Billing for 6 months.pdf
[2013/07/18 13:38:40 | 000,166,436 | ---- | C] () -- C:\Users\kavedisian\Documents\Clinton jobs that billed in 6 months.pdf
[2013/07/16 14:50:11 | 000,018,491 | ---- | C] () -- C:\Users\kavedisian\Documents\BS 5-31.pdf
[2013/07/16 08:35:18 | 000,032,036 | ---- | C] () -- C:\Users\kavedisian\Documents\Foley Europe invoices.pdf
[2013/07/16 08:32:07 | 000,024,008 | ---- | C] () -- C:\Users\kavedisian\Documents\Foley LA as of 7-16.pdf
[2013/03/20 11:12:49 | 000,000,110 | ---- | C] () -- C:\Windows\Anlyzr5x.ini
[2012/10/31 09:28:58 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2012/09/07 09:35:44 | 000,000,125 | ---- | C] () -- C:\Windows\Anlyzr5x.ini_test
[2012/09/04 12:53:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/08/28 18:10:29 | 000,103,784 | ---- | C] () -- C:\Users\kavedisian\GoToAssistDownloadHelper.exe
[2012/08/28 11:43:52 | 000,007,609 | ---- | C] () -- C:\Users\kavedisian\AppData\Local\Resmon.ResmonCfg
[2012/08/25 20:23:13 | 000,220,784 | ---- | C] () -- C:\Windows\System32\npnipp.dll
[2012/08/25 20:23:13 | 000,080,152 | ---- | C] () -- C:\Windows\System32\nipplpte.exe
[2012/08/25 20:23:13 | 000,071,960 | ---- | C] () -- C:\Windows\System32\icapture.exe
[2012/08/25 20:23:13 | 000,041,016 | ---- | C] () -- C:\Windows\System32\drivers\nipplpt.sys
[2012/08/25 17:58:14 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/08/25 17:58:14 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/08/25 16:51:55 | 000,023,116 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/07/13 16:49:06 | 001,832,576 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2012/07/13 16:49:06 | 000,666,752 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2012/07/13 16:49:06 | 000,187,520 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll
[2012/07/13 16:49:06 | 000,156,800 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2012/07/13 16:49:06 | 000,111,232 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2012/07/13 16:49:06 | 000,091,776 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2012/07/13 16:49:06 | 000,066,176 | ---- | C] () -- C:\Windows\System32\slpinfo.exe
[2012/07/13 16:49:06 | 000,034,944 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2012/07/13 16:49:06 | 000,026,240 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2012/07/13 16:49:06 | 000,022,656 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2012/07/13 16:49:04 | 000,461,952 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2012/07/13 16:49:04 | 000,092,800 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2012/07/13 16:49:04 | 000,039,552 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2012/07/13 16:49:04 | 000,014,464 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2011/11/27 20:14:52 | 000,909,440 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2011/11/27 20:14:52 | 000,230,528 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2007/11/13 14:23:56 | 000,131,072 | ---- | C] () -- C:\Users\kavedisian\AppData\Roaming\hndlib.dll
[2005/12/12 14:43:44 | 000,072,192 | ---- | C] () -- C:\Users\kavedisian\AppData\Roaming\zlib.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\Windows.old\Windows\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\Windows.old\Windows\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\Windows.old\Windows\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\Windows.old\Windows\system32\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\Windows.old\Windows\system32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\Windows.old\Windows\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Windows.old\Windows\system32\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD2500AAJS-75M0A0 ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 233.00GB
Starting Offset: 41943040
Hidden sectors: 0
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

< End of report >


OTL 2

OTL logfile created on: 8/14/2013 3:59:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kavedisian\Desktop\Karmen Clean up 8.14.2013
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.21 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 53.58% Memory free
6.43 Gb Paging File | 5.17 Gb Available in Paging File | 80.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 179.32 Gb Free Space | 77.03% Space Free | Partition Type: NTFS
 
Computer Name: WSN6 | User Name: kavedisian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/14 15:49:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kavedisian\Desktop\Karmen Clean up 8.14.2013\OTL.exe
PRC - [2013/08/05 12:40:26 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/08/05 12:18:16 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/08/05 12:17:38 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/04/22 21:25:02 | 000,071,960 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntlgn.exe
PRC - [2013/04/22 21:25:02 | 000,067,864 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntctl.exe
PRC - [2013/04/22 19:06:24 | 000,057,344 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntsrv.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/03 07:22:24 | 001,785,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
PRC - [2012/11/03 07:22:22 | 000,143,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
PRC - [2012/07/13 16:49:06 | 000,034,944 | ---- | M] () -- C:\Windows\System32\nwtray.exe
PRC - [2012/07/13 16:49:06 | 000,017,024 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/07 15:33:54 | 001,433,675 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Messenger\NMCL32.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:32 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
PRC - [2009/07/21 14:40:56 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/21 14:40:52 | 000,796,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2009/07/21 14:40:50 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/07/13 18:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/01/10 11:52:02 | 000,061,440 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\novell\xtagent.exe
PRC - [2006/06/13 06:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/22 08:00:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/22 08:00:28 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/22 07:59:58 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/22 07:59:53 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/22 07:59:49 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/22 07:59:21 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/07/13 16:49:06 | 000,909,440 | ---- | M] () -- C:\Windows\System32\ncnetprovider.dll
MOD - [2012/07/13 16:49:06 | 000,230,528 | ---- | M] () -- C:\Windows\System32\nwshlxnt.dll
MOD - [2012/07/13 16:49:06 | 000,156,800 | ---- | M] () -- C:\Windows\System32\mapbase.dll
MOD - [2012/07/13 16:49:06 | 000,034,944 | ---- | M] () -- C:\Windows\System32\nwtray.exe
MOD - [2012/07/13 16:49:04 | 000,092,800 | ---- | M] () -- C:\Windows\System32\nclangid.dll
MOD - [2012/07/13 16:05:50 | 000,488,448 | ---- | M] () -- C:\Windows\System32\nls\english\ncnetproviderr.dll
MOD - [2012/07/13 16:04:28 | 000,101,376 | ---- | M] () -- C:\Windows\System32\nls\english\nwshlxntr.dll
MOD - [2012/07/13 16:03:32 | 000,086,016 | ---- | M] () -- C:\Windows\System32\nls\english\mapbaser.dll
MOD - [2012/07/13 15:58:44 | 000,015,872 | ---- | M] () -- C:\Windows\System32\nls\english\nclangidr.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/08/05 12:40:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/05 12:18:16 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/08/05 12:17:38 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/22 19:06:24 | 000,057,344 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Windows\System32\iprntsrv.exe -- (iprntsrv)
SRV - [2012/11/03 07:22:24 | 001,785,792 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe -- (SmcService)
SRV - [2012/11/03 07:22:24 | 000,288,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\snac.exe -- (SNAC)
SRV - [2012/11/03 07:22:22 | 000,143,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2012/08/28 18:10:38 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/08/26 00:18:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/08/25 17:01:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 16:49:06 | 000,017,024 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/07/21 14:40:56 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/21 14:40:50 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/01/10 11:52:02 | 000,061,440 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Windows\System32\novell\xtagent.exe -- (XTAgent)
SRV - [2006/06/13 06:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\drfemvu.sys -- (fcrt)
DRV - [2013/08/05 12:18:14 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/08/05 12:17:39 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/08/05 07:40:33 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130814.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/05 07:40:32 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/05 07:40:32 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130814.002\NAVENG.SYS -- (NAVENG)
DRV - [2013/07/08 08:06:27 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130813.011\IDSvix86.sys -- (IDSVix86)
DRV - [2013/05/31 10:00:17 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130716.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/04/22 21:25:04 | 000,041,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2013/03/29 12:49:25 | 000,111,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2013/03/29 11:11:51 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/03/25 08:40:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/11/03 07:22:26 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2012/11/03 07:22:26 | 000,585,888 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\srtsp.sys -- (SRTSP)
DRV - [2012/11/03 07:22:26 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys -- (SymDS)
DRV - [2012/11/03 07:22:26 | 000,338,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\symnets.sys -- (SYMNETS)
DRV - [2012/11/03 07:22:26 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2012/11/03 07:22:26 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys -- (ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A})
DRV - [2012/11/03 07:22:26 | 000,075,528 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
DRV - [2012/11/03 07:22:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2012/11/03 07:22:24 | 000,028,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)
DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 07:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/16 13:32:46 | 000,074,368 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys -- (ncpfsp)
DRV - [2012/07/13 16:49:06 | 000,111,232 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncrecognizer.sys -- (NCRecognizer)
DRV - [2012/07/13 16:49:06 | 000,096,896 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nds4.sys -- (nds4)
DRV - [2012/07/13 16:49:06 | 000,091,776 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncfilter.sys -- (NCFilter)
DRV - [2012/07/13 16:49:06 | 000,091,264 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV - [2012/07/13 16:49:06 | 000,066,176 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys -- (ndmndap)
DRV - [2012/07/13 16:49:06 | 000,065,152 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys -- (nciom)
DRV - [2012/07/13 16:49:06 | 000,064,128 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys -- (ncp)
DRV - [2012/07/13 16:49:06 | 000,061,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV - [2012/07/13 16:49:06 | 000,045,696 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys -- (nipctl)
DRV - [2012/07/13 16:49:06 | 000,045,184 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys -- (xtxplat)
DRV - [2012/07/13 16:49:06 | 000,041,088 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys -- (ncpl)
DRV - [2012/07/13 16:49:06 | 000,030,848 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\niam.sys -- (niam)
DRV - [2012/07/13 16:49:06 | 000,028,800 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys -- (nsvccost)
DRV - [2012/07/13 16:49:06 | 000,028,800 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys -- (nscm)
DRV - [2012/07/13 16:49:06 | 000,027,264 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2012/07/13 16:49:06 | 000,026,752 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys -- (nccache)
DRV - [2012/07/13 16:49:06 | 000,022,656 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\ncuncfilter.sys -- (NCUncFilter)
DRV - [2012/07/13 16:49:06 | 000,022,144 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys -- (nsns)
DRV - [2012/07/13 16:49:06 | 000,018,560 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys -- (ndm)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/06 01:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/23 15:28:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS504
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.15.1:8080
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@ei.CouponXplorer_5z.com/Plugin: C:\Program Files\CouponXplorer_5zEI\Installr\1.bin\NP5zEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@novell.com/iPrint: C:\Windows\system32 [2013/08/14 15:46:09 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFFPlgn\ [2013/03/29 12:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/05 12:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/05 12:31:18 | 000,000,000 | ---D | M]
 
[2012/08/25 19:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kavedisian\AppData\Roaming\Mozilla\Extensions
[2013/08/14 11:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\extensions
[2013/01/30 11:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Users\kavedisian\AppData\Roaming\Mozilla\Firefox\Profiles\u61p5o82.default\extensions\clickmoviedownloader@clickmoviedownloader.com.xpi
[2012/08/25 19:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/25 19:24:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\COUPONS.COM COUPONBAR\FIREFOX\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\COUPONS.COM.XPI
File not found (No name found) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1095.52\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\KAVEDISIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U61P5O82.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
File not found (No name found) -- C:\USERS\KAVEDISIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U61P5O82.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:39:38 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/07/13 17:16:36 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/07/13 17:16:36 | 000,003,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/07/13 17:16:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/07/13 17:16:36 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\Windows\System32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\Windows\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\kavedisian\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe File not found
O4 - HKCU..\Run: [Novell Messenger] C:\Program Files\Novell\Messenger\NMCL32.exe (Novell, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Program Files\Novell\Messenger\NMCL32.exe (Novell, Inc.)
O9 - Extra 'Tools' menuitem : Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Program Files\Novell\Messenger\NMCL32.exe (Novell, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: att.net ([loginprodx] https in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([login] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([att.my] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{493139D8-9CA8-4053-8684-BAC9BC9BC33D}: DhcpNameServer = 192.168.15.2
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\Windows\system32\Novell\XtNotify.dll) - C:\Windows\System32\novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bak -- [ NTFS ]
O32 - AutoRun File - [2012/08/25 17:36:00 | 000,000,083 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/14 13:11:12 | 000,000,000 | ---D | C] -- C:\Users\kavedisian\Desktop\Karmen Clean up 8.14.2013
[2013/08/14 11:54:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/14 11:32:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/14 10:48:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/10 16:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/08/10 15:28:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013/08/10 15:28:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013/08/10 15:28:15 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013/08/10 15:28:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013/08/10 15:28:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013/08/10 15:28:14 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013/08/10 15:28:14 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013/08/10 15:28:14 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/08/10 15:28:14 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013/08/10 15:28:14 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013/08/10 15:28:14 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013/08/10 15:28:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013/08/10 15:28:14 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/08/10 15:28:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013/08/10 15:28:14 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013/08/10 15:27:58 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/08/10 14:58:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/05 12:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2013/08/05 12:26:18 | 001,006,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mesoludlg.exe
[2013/08/05 12:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Management and Security
[2013/08/05 12:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/07/19 08:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/07/19 08:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2013/07/19 08:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013/07/19 08:28:50 | 000,000,000 | ---D | C] -- C:\Users\kavedisian\AppData\Roaming\player
[2013/07/19 08:27:16 | 000,000,000 | ---D | C] -- C:\Users\kavedisian\Documents\PC Speed Boost
[2013/07/19 08:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/07/19 08:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Files Access
[2013/07/19 08:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Extreme Flash Player
[2013/07/18 12:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2008/03/19 17:04:30 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Users\kavedisian\AppData\Roaming\foxtools.fll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\kavedisian\Documents\*.tmp files -> C:\Users\kavedisian\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/14 15:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/14 14:39:41 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 14:39:41 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 14:36:45 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/14 14:36:45 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/14 14:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/14 14:32:14 | 2588,626,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/14 11:26:28 | 000,920,576 | ---- | M] () -- C:\Users\kavedisian\Desktop\RogueKiller.exe
[2013/08/14 09:09:06 | 000,029,896 | ---- | M] () -- C:\Users\kavedisian\Documents\TM client list.pdf
[2013/08/13 17:09:53 | 401,757,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/13 12:45:12 | 000,035,784 | ---- | M] () -- C:\Users\kavedisian\Documents\8-14 calendar.pdf
[2013/08/13 11:48:31 | 000,030,507 | ---- | M] () -- C:\Users\kavedisian\Documents\19119.pdf
[2013/08/09 14:36:16 | 000,022,493 | ---- | M] () -- C:\Users\kavedisian\Documents\8-12 calendar.pdf
[2013/08/09 12:25:50 | 000,279,375 | ---- | M] () -- C:\Users\kavedisian\Documents\Aging as of 8-9-13.pdf
[2013/08/09 11:48:28 | 000,032,260 | ---- | M] () -- C:\Users\kavedisian\Documents\Foley Europe depo invoices.pdf
[2013/08/08 16:34:13 | 000,030,339 | ---- | M] () -- C:\Users\kavedisian\Documents\18871.pdf
[2013/08/08 14:57:57 | 000,033,330 | ---- | M] () -- C:\Users\kavedisian\Documents\8-9 calendar.pdf
[2013/08/07 16:05:04 | 000,021,724 | ---- | M] () -- C:\Users\kavedisian\Documents\8-8 calendar.pdf
[2013/08/07 10:38:56 | 000,030,410 | ---- | M] () -- C:\Users\kavedisian\Documents\19206.pdf
[2013/08/07 09:52:16 | 000,091,917 | ---- | M] () -- C:\Users\kavedisian\Documents\Billing for July 2013.pdf
[2013/08/06 13:58:15 | 000,035,696 | ---- | M] () -- C:\Users\kavedisian\Documents\8-7 calendar.pdf
[2013/08/06 10:47:40 | 000,028,199 | ---- | M] () -- C:\Users\kavedisian\Documents\19097.pdf
[2013/08/06 10:45:58 | 000,031,940 | ---- | M] () -- C:\Users\kavedisian\Documents\Exmark state.pdf
[2013/08/06 09:19:43 | 000,027,253 | ---- | M] () -- C:\Users\kavedisian\Documents\calrep.pdf
[2013/08/05 15:45:48 | 000,058,737 | ---- | M] () -- C:\Users\kavedisian\Documents\TM calendar.pdf
[2013/08/05 12:40:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/05 12:40:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/05 12:17:39 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2013/08/05 12:17:38 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2013/08/05 12:17:38 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2013/08/01 15:52:01 | 000,032,213 | ---- | M] () -- C:\Users\kavedisian\Documents\Atkinson as of 8-1-13.pdf
[2013/08/01 10:52:10 | 000,071,197 | ---- | M] () -- C:\Users\kavedisian\Documents\Aging for all of Foley Offices.pdf
[2013/08/01 10:51:25 | 000,031,604 | ---- | M] () -- C:\Users\kavedisian\Documents\Europ Deposition Aging.pdf
[2013/08/01 10:50:14 | 000,304,895 | ---- | M] () -- C:\Users\kavedisian\Documents\Aging for July 2013.pdf
[2013/07/31 16:46:01 | 000,186,451 | ---- | M] () -- C:\Users\kavedisian\Documents\Cash rec. for July 2013.pdf
[2013/07/30 09:41:07 | 000,032,214 | ---- | M] () -- C:\Users\kavedisian\Documents\Atkinson as of 7-30-13.pdf
[2013/07/24 10:01:43 | 000,032,946 | ---- | M] () -- C:\Users\kavedisian\Documents\calendar.pdf
[2013/07/22 15:45:30 | 000,626,620 | ---- | M] () -- C:\Users\kavedisian\Documents\Firm Listing.pdf
[2013/07/22 14:09:38 | 000,007,916 | ---- | M] () -- C:\Users\kavedisian\Documents\LL calendar up to 8-5-13.pdf
[2013/07/19 08:18:58 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Extreme Flash Player.lnk
[2013/07/18 18:41:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/07/18 13:39:32 | 000,023,433 | ---- | M] () -- C:\Users\kavedisian\Documents\Billing for 6 months.pdf
[2013/07/18 13:38:40 | 000,166,436 | ---- | M] () -- C:\Users\kavedisian\Documents\Clinton jobs that billed in 6 months.pdf
[2013/07/16 14:50:11 | 000,018,491 | ---- | M] () -- C:\Users\kavedisian\Documents\BS 5-31.pdf
[2013/07/16 08:35:18 | 000,032,036 | ---- | M] () -- C:\Users\kavedisian\Documents\Foley Europe invoices.pdf
[2013/07/16 08:32:07 | 000,024,008 | ---- | M] () -- C:\Users\kavedisian\Documents\Foley LA as of 7-16.pdf
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\kavedisian\Documents\*.tmp files -> C:\Users\kavedisian\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/14 11:26:28 | 000,920,576 | ---- | C] () -- C:\Users\kavedisian\Desktop\RogueKiller.exe
[2013/08/14 09:09:06 | 000,029,896 | ---- | C] () -- C:\Users\kavedisian\Documents\TM client list.pdf
[2013/08/13 12:45:12 | 000,035,784 | ---- | C] () -- C:\Users\kavedisian\Documents\8-14 calendar.pdf
[2013/08/13 11:48:31 | 000,030,507 | ---- | C] () -- C:\Users\kavedisian\Documents\19119.pdf
[2013/08/09 14:36:16 | 000,022,493 | ---- | C] () -- C:\Users\kavedisian\Documents\8-12 calendar.pdf
[2013/08/09 12:25:50 | 000,279,375 | ---- | C] () -- C:\Users\kavedisian\Documents\Aging as of 8-9-13.pdf
[2013/08/09 11:48:28 | 000,032,260 | ---- | C] () -- C:\Users\kavedisian\Documents\Foley Europe depo invoices.pdf
[2013/08/08 16:34:13 | 000,030,339 | ---- | C] () -- C:\Users\kavedisian\Documents\18871.pdf
[2013/08/08 14:57:57 | 000,033,330 | ---- | C] () -- C:\Users\kavedisian\Documents\8-9 calendar.pdf
[2013/08/07 16:05:04 | 000,021,724 | ---- | C] () -- C:\Users\kavedisian\Documents\8-8 calendar.pdf
[2013/08/07 10:38:56 | 000,030,410 | ---- | C] () -- C:\Users\kavedisian\Documents\19206.pdf
[2013/08/07 09:52:16 | 000,091,917 | ---- | C] () -- C:\Users\kavedisian\Documents\Billing for July 2013.pdf
[2013/08/06 13:58:15 | 000,035,696 | ---- | C] () -- C:\Users\kavedisian\Documents\8-7 calendar.pdf
[2013/08/06 10:47:40 | 000,028,199 | ---- | C] () -- C:\Users\kavedisian\Documents\19097.pdf
[2013/08/06 10:45:58 | 000,031,940 | ---- | C] () -- C:\Users\kavedisian\Documents\Exmark state.pdf
[2013/08/06 09:19:43 | 000,027,253 | ---- | C] () -- C:\Users\kavedisian\Documents\calrep.pdf
[2013/08/05 15:45:48 | 000,058,737 | ---- | C] () -- C:\Users\kavedisian\Documents\TM calendar.pdf
[2013/08/01 15:52:01 | 000,032,213 | ---- | C] () -- C:\Users\kavedisian\Documents\Atkinson as of 8-1-13.pdf
[2013/08/01 10:52:10 | 000,071,197 | ---- | C] () -- C:\Users\kavedisian\Documents\Aging for all of Foley Offices.pdf
[2013/08/01 10:51:25 | 000,031,604 | ---- | C] () -- C:\Users\kavedisian\Documents\Europ Deposition Aging.pdf
[2013/08/01 10:50:14 | 000,304,895 | ---- | C] () -- C:\Users\kavedisian\Documents\Aging for July 2013.pdf
[2013/07/31 16:46:01 | 000,186,451 | ---- | C] () -- C:\Users\kavedisian\Documents\Cash rec. for July 2013.pdf
[2013/07/30 09:41:07 | 000,032,214 | ---- | C] () -- C:\Users\kavedisian\Documents\Atkinson as of 7-30-13.pdf
[2013/07/24 10:01:43 | 000,032,946 | ---- | C] () -- C:\Users\kavedisian\Documents\calendar.pdf
[2013/07/22 15:45:30 | 000,626,620 | ---- | C] () -- C:\Users\kavedisian\Documents\Firm Listing.pdf
[2013/07/22 14:09:38 | 000,007,916 | ---- | C] () -- C:\Users\kavedisian\Documents\LL calendar up to 8-5-13.pdf
[2013/07/19 08:18:58 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Extreme Flash Player.lnk
[2013/07/18 13:39:32 | 000,023,433 | ---- | C] () -- C:\Users\kavedisian\Documents\Billing for 6 months.pdf
[2013/07/18 13:38:40 | 000,166,436 | ---- | C] () -- C:\Users\kavedisian\Documents\Clinton jobs that billed in 6 months.pdf
[2013/07/16 14:50:11 | 000,018,491 | ---- | C] () -- C:\Users\kavedisian\Documents\BS 5-31.pdf
[2013/07/16 08:35:18 | 000,032,036 | ---- | C] () -- C:\Users\kavedisian\Documents\Foley Europe invoices.pdf
[2013/07/16 08:32:07 | 000,024,008 | ---- | C] () -- C:\Users\kavedisian\Documents\Foley LA as of 7-16.pdf
[2013/03/20 11:12:49 | 000,000,110 | ---- | C] () -- C:\Windows\Anlyzr5x.ini
[2012/10/31 09:28:58 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2012/09/07 09:35:44 | 000,000,125 | ---- | C] () -- C:\Windows\Anlyzr5x.ini_test
[2012/09/04 12:53:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/08/28 18:10:29 | 000,103,784 | ---- | C] () -- C:\Users\kavedisian\GoToAssistDownloadHelper.exe
[2012/08/28 11:43:52 | 000,007,609 | ---- | C] () -- C:\Users\kavedisian\AppData\Local\Resmon.ResmonCfg
[2012/08/25 20:23:13 | 000,220,784 | ---- | C] () -- C:\Windows\System32\npnipp.dll
[2012/08/25 20:23:13 | 000,080,152 | ---- | C] () -- C:\Windows\System32\nipplpte.exe
[2012/08/25 20:23:13 | 000,071,960 | ---- | C] () -- C:\Windows\System32\icapture.exe
[2012/08/25 20:23:13 | 000,041,016 | ---- | C] () -- C:\Windows\System32\drivers\nipplpt.sys
[2012/08/25 17:58:14 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/08/25 17:58:14 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/08/25 16:51:55 | 000,023,116 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/07/13 16:49:06 | 001,832,576 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2012/07/13 16:49:06 | 000,666,752 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2012/07/13 16:49:06 | 000,187,520 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll
[2012/07/13 16:49:06 | 000,156,800 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2012/07/13 16:49:06 | 000,111,232 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2012/07/13 16:49:06 | 000,091,776 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2012/07/13 16:49:06 | 000,066,176 | ---- | C] () -- C:\Windows\System32\slpinfo.exe
[2012/07/13 16:49:06 | 000,034,944 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2012/07/13 16:49:06 | 000,026,240 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2012/07/13 16:49:06 | 000,022,656 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2012/07/13 16:49:04 | 000,461,952 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2012/07/13 16:49:04 | 000,092,800 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2012/07/13 16:49:04 | 000,039,552 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2012/07/13 16:49:04 | 000,014,464 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2011/11/27 20:14:52 | 000,909,440 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2011/11/27 20:14:52 | 000,230,528 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2007/11/13 14:23:56 | 000,131,072 | ---- | C] () -- C:\Users\kavedisian\AppData\Roaming\hndlib.dll
[2005/12/12 14:43:44 | 000,072,192 | ---- | C] () -- C:\Users\kavedisian\AppData\Roaming\zlib.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\Windows.old\Windows\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\Windows.old\Windows\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\Windows.old\Windows\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\Windows.old\Windows\system32\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\Windows.old\Windows\system32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\Windows.old\Windows\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Windows.old\Windows\system32\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD2500AAJS-75M0A0 ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 233.00GB
Starting Offset: 41943040
Hidden sectors: 0
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

< End of report >



#15 depogirl


Posted 14 August 2013 - 06:17 PM

Extras 1

 

OTL Extras logfile created on: 8/14/2013 3:59:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kavedisian\Desktop\Karmen Clean up 8.14.2013
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.21 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 53.58% Memory free
6.43 Gb Paging File | 5.17 Gb Available in Paging File | 80.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 179.32 Gb Free Space | 77.03% Space Free | Partition Type: NTFS
 
Computer Name: WSN6 | User Name: kavedisian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28D4AC4D-E3ED-43F7-9D2E-ED62DCC1F34E}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{35EBD958-F0C9-4D44-A7DF-97753A44032E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{98693ACD-CBB3-4793-9194-233E63B939FC}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{C970E51B-1743-4FC5-8EBE-A34F077AFD6F}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{EA0007A1-7F4F-45B2-A7BC-52BDF0C74F54}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10AEFEAA-7322-4483-A7AF-E02D47F3CC9C}" = protocol=6 | dir=in | app=c:\program files\novell\groupwise\grpwise.exe |
"{1BA4EAF2-36C6-468E-99E7-954A4A0A1BF7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{213F4395-935C-496D-A5D8-0F983E13B1A7}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{37D67CAC-9AD2-4087-9B66-D99D0E48BEC4}" = protocol=6 | dir=in | app=c:\program files\novell\groupwise\notify.exe |
"{5A14F055-B9FA-4847-B408-4B34B3122391}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\smc.exe |
"{5CE7BDBC-6E90-4C6B-AB9B-FAE35001875A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{646991CB-83AB-436F-A9D1-45C2DFF2488E}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\snac.exe |
"{6B19BCD6-7ABE-49F0-9E86-EF66DDAF2645}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{74AA60C0-8418-4C67-AC1C-38AA6C03A5C1}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\snac.exe |
"{7D4ACC1A-7CB0-405A-B9BC-7EAD0032A243}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{A07B17AB-68DC-4C3A-86BA-18E01DB93C3D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E90BDD1B-4273-4BAC-AC87-FBCC376C7914}" = protocol=17 | dir=in | app=c:\program files\novell\groupwise\notify.exe |
"{F2B6E900-9A3A-42EF-AC96-604C6E328671}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\smc.exe |
"{F8A04A29-0A33-4A06-A949-047F67CA4A20}" = protocol=17 | dir=in | app=c:\program files\novell\groupwise\grpwise.exe |
"TCP Query User{60FA036F-D558-4DE2-9CB7-0FCE330FCDDC}\\fs1\sys\public\clntrust.exe" = protocol=6 | dir=in | app=\\fs1\sys\public\clntrust.exe |
"UDP Query User{45F626EA-CD3F-4442-8970-9F403D52A528}\\fs1\sys\public\clntrust.exe" = protocol=17 | dir=in | app=\\fs1\sys\public\clntrust.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0028ED8D-E938-4B81-B636-F20B3207086F}" = ZENworks Desktop Management Agent
"{00933EC6-0582-4597-ADE4-D7565D98BFE6}" = GroupWise
"{03286181-DB93-4998-9B4D-7BE32DCF5E33}" = E-Transcript Bundle Viewer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC0833E-073C-4D5D-A046-74BC32358CB3}" = Novell Messenger
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{55456ADA-1540-491F-8E74-26431C764C0C}" = GroupWise Client - VC Runtimes (release)
"{56BC75EA-B19F-4C14-85B8-3FA61C0C791F}" = NMAS Client
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{8CBFE0AB-3EBF-4103-BA48-59EB4FF66AD1}" = NMAS Challenge Response Method
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{93527A87-1D44-4181-8FE6-37DBB41C685A}" = The Analyzer Workstation
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B054F1B-2829-4500-8635-2BE5DB284124}" = LexisNexis TextMap Exhibit Linker
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat  9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat  9 Standard - English, Français, Deutsch
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C335C87B-2D3E-4CCC-BB4B-CE60617B1A51}" = Symantec Endpoint Protection
"{D8D2AB32-D886-45E1-BEEA-6BE33A81E7BB}" = LexisNexis TextMap Exhibit Linker
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Extreme Flash Player" = Extreme Flash Player
"Files Access" = Files Access
"GoToAssist" = GoToAssist Corporate
"HECI" = Intel® Management Engine Interface
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Novell Client for Windows" = Novell Client for Windows
"Novell iPrint Client" = Novell iPrint Client v05.90.00
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
 
========== Last 20 Event Log Errors ==========
 
[ Symantec Endpoint Protection Client Events ]
Error - 6/6/2013 3:57:53 AM | Computer Name = WSN6 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Yontoo in File: c:\users\kavedisian\appdata\roaming\yontoo\dat\healthmonitor.dat
 by: Scheduled scan.  Action: Reboot Required.  Action Description: The file was
 quarantined successfully.
 
Error - 6/6/2013 8:27:03 PM | Computer Name = WSN6 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Yontoo in File: C:\Users\KAVEDISIAN\AppData\Roaming\Yontoo\dat\DESKTOP.OS.DLL
 by: Auto-Protect scan.  Action: Quarantine failed : Delete failed.  Action Description:
 Reboot Processing
 
Error - 6/6/2013 8:27:03 PM | Computer Name = WSN6 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Yontoo in File: c:\users\kavedisian\appdata\roaming\yontoo\dat\healthmonitor.dat
 by: Scheduled scan.  Action: Quarantine failed : Leave Alone failed.  Action Description:
 Reboot Processing
 
Error - 7/16/2013 3:59:33 AM | Computer Name = WSN6 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Yontoo in File: c:\users\kavedisian\appdata\roaming\mozilla\firefox\profiles\u61p5o82.default\extensions\plugin@yontoo.com\content\overlay.js
 by: Scheduled scan.  Action: Reboot Required.  Action Description: The file was
 quarantined successfully.
 
Error - 7/16/2013 1:16:51 PM | Computer Name = WSN6 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Yontoo in File: c:\program files\yontoo\y2desktop.updater.exe
 by: Defwatch scan.  Action: Process or service must be halted.  Action Description:
 
 
Error - 7/16/2013 1:17:38 PM | Computer Name = WSN6 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Yontoo in File: c:\program files\yontoo\y2desktop.updater.exe
 by: Manual scan.  Action: Reboot Required.  Action Description: The file was quarantined
 successfully.
 
Error - 7/16/2013 7:31:43 PM | Computer Name = WSN6 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Yontoo in File: c:\users\kavedisian\appdata\roaming\mozilla\firefox\profiles\u61p5o82.default\extensions\plugin@yontoo.com\content\overlay.js
 by: Scheduled scan.  Action: Quarantine failed : Leave Alone failed.  Action Description:
 Reboot Processing
 
Error - 7/16/2013 7:31:44 PM | Computer Name = WSN6 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Yontoo in File: c:\program files\yontoo\y2desktop.updater.exe
 by: Manual scan.  Action: Quarantine failed : Leave Alone failed.  Action Description:
 Reboot Processing
 
Error - 7/23/2013 10:24:25 PM | Computer Name = WSN6 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Adware.DomaIQ in File: c:\Users\kavedisian\AppData\Local\Temp\DIQM\Setup_151\Setup_V.179834485a.exe
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
 
Error - 8/13/2013 7:53:26 PM | Computer Name = WSN6 | Source = Symantec Endpoint Protection Client | ID = 16711731
Description =       Security Risk Found!Tracking Cookies in File: Cookie:kavedisian@atdmt.com/
 by: Manual scan.  Action: Delete succeeded.  Action Description: The file was deleted
 successfully.
 
[ System Events ]
Error - 8/14/2013 6:58:06 PM | Computer Name = WSN6 | Source = TermDD | ID = 655416
Description =
 
Error - 8/14/2013 6:58:09 PM | Computer Name = WSN6 | Source = UmrdpService | ID = 1107
Description = The printer Adobe PDF (redirected 1) could not be deleted.
 
Error - 8/14/2013 6:58:09 PM | Computer Name = WSN6 | Source = UmrdpService | ID = 1107
Description = The printer Microsoft XPS Document Writer (redirected 1) could not
 be deleted.
 
Error - 8/14/2013 7:00:15 PM | Computer Name = WSN6 | Source = UmrdpService | ID = 1111
Description = Driver Apple Color LW 12/660 PS required for printer Apple_Color_LW_12/660_PS
 is unknown. Contact the administrator to install the driver before you log in again.
 
Error - 8/14/2013 7:00:16 PM | Computer Name = WSN6 | Source = UmrdpService | ID = 1111
Description = Driver Kyocera CS-C2520 NW-FAX required for printer Kyocera CS-C2520
 NW-FAX is unknown. Contact the administrator to install the driver before you log
 in again.
 
Error - 8/14/2013 7:00:17 PM | Computer Name = WSN6 | Source = UmrdpService | ID = 1111
Description = Driver Kyocera Mita FS-4000DN KX required for printer Kyocera Mita
 FS-4000DN KX is unknown. Contact the administrator to install the driver before
 you log in again.
 
Error - 8/14/2013 7:00:18 PM | Computer Name = WSN6 | Source = UmrdpService | ID = 1111
Description = Driver Kyocera TASKalfa 520i NW-FAX required for printer Kyocera TASKalfa
 520i NW-FAX is unknown. Contact the administrator to install the driver before
you log in again.
 
Error - 8/14/2013 7:00:18 PM | Computer Name = WSN6 | Source = UmrdpService | ID = 1111
Description = Driver Microsoft Office Document Image Writer Driver required for
printer Microsoft Office Document Image Writer is unknown. Contact the administrator
 to install the driver before you log in again.
 
Error - 8/14/2013 7:00:21 PM | Computer Name = WSN6 | Source = UmrdpService | ID = 1111
Description = Driver WebEx Document Loader required for printer WebEx Document Loader
 is unknown. Contact the administrator to install the driver before you log in again.
 
Error - 8/14/2013 7:00:22 PM | Computer Name = WSN6 | Source = UmrdpService | ID = 1111
Description = Driver Xerox WorkCentre Pro 428 PCL 6 required for printer Xerox WorkCentre
 Pro 428 is unknown. Contact the administrator to install the driver before you
log in again.
 
 
< End of report >
 





