Inactive [A] win32/Small.CA virus

Status
Not open for further replies.
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

======================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-01-17.04 - moradm 01/18/2013 20:14:34.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8126.5497 [GMT -6:00]
Running from: c:\users\moradm\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\LAEA1BC.tmp
c:\windows\TEMP\LAEA1D3.tmp
c:\windows\TEMP\LAEA216.tmp
c:\windows\TEMP\LAEA338.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 02:20 . 2013-01-19 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-19 01:35 . 2013-01-19 01:35 -------- d-----w- c:\users\TEMP
2013-01-18 21:32 . 2013-01-18 21:32 -------- d-----w- c:\program files (x86)\ESET
2013-01-18 17:43 . 2013-01-18 17:44 -------- d-----w- c:\program files (x86)\DataSorption
2013-01-18 17:42 . 2013-01-18 21:21 -------- d-----w- c:\users\moradm\AppData\Local\Coupon Companion Plugin
2013-01-18 06:28 . 2013-01-18 06:28 -------- d-----w- c:\users\moradm\AppData\Roaming\Curiolab
2013-01-17 20:21 . 2013-01-17 20:23 110080 ----a-r- c:\users\moradm\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2013-01-17 20:21 . 2013-01-17 20:23 110080 ----a-r- c:\users\moradm\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2013-01-17 20:21 . 2013-01-17 20:23 110080 ----a-r- c:\users\moradm\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2013-01-17 20:20 . 2013-01-17 20:51 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-17 17:57 . 2013-01-17 17:57 -------- d-----w- c:\users\moradm\AppData\Local\Programs
2013-01-08 19:55 . 2013-01-08 19:55 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 19:20 . 2012-08-08 14:17 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 19:20 . 2012-01-04 21:52 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 16:53 . 2012-11-12 19:39 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-01-08 16:52 . 2012-11-12 19:38 42632 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2013-01-08 16:52 . 2012-11-12 19:38 288176 ----a-w- c:\windows\system32\SymVPN.dll
2013-01-08 16:52 . 2012-11-12 19:38 81840 ----a-w- c:\windows\system32\FwsVpn.dll
2013-01-08 16:52 . 2012-11-12 19:38 119816 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2012-12-14 22:49 . 2012-09-20 23:10 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 19:38 . 2012-11-12 19:38 58288 ----a-w- c:\windows\SysWow64\snacnp.dll
2012-11-12 19:38 . 2012-11-12 19:38 58288 ----a-w- c:\windows\system32\snacnp.dll
2012-11-12 19:38 . 2012-11-12 19:38 519600 ----a-w- c:\windows\system32\sysfer.dll
2012-11-12 19:38 . 2012-11-12 19:38 380848 ----a-w- c:\windows\SysWow64\sysfer.dll
2012-11-12 19:38 . 2012-11-12 19:38 11184 ----a-w- c:\windows\system32\sysferThunk.dll
2012-11-12 19:38 . 2012-11-12 19:38 10672 ----a-w- c:\windows\SysWow64\sysferThunk.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-12-18 1264360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-28 336384]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"DameWare MRC Agent"="c:\windows\SysWOW64\DWRCST.exe" [2009-02-04 78848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInplaceSharing"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-06-15 70280]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-03 13088]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-02-03 464480]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys [2011-03-30 1254464]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-12-06 50472]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-12-06 50472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-14 157184]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys [2012-10-08 29664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-04 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 Guard Agent;Guard Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-05-03 24712]
R4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
R4 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-05-03 58504]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-05-03 48776]
S0 MfeEpePc;MfeEpePc; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [2012-10-08 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [2012-10-08 932472]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2010-07-07 136192]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20130107.011\BHDrvx64.sys [2012-11-14 1384608]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 87600]
S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [2007-02-15 30720]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-05-03 19592]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-05-03 189576]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20130117.011\IDSvia64.sys [2012-11-13 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [2012-10-08 171128]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [2012-10-08 386168]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-28 203264]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
S2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [2012-02-20 605040]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-01-26 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [2012-10-08 137208]
S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2012-05-04 210944]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-01-10 603896]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-08 138912]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-27 12273408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 406632]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 19:20]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-131294493-1449412943-965413785-16775Core.job
- c:\users\moradm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 22:42]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-131294493-1449412943-965413785-16775UA.job
- c:\users\moradm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 22:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://prod.campuscruiser.com/eicc/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: C&all - c:\program files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm
IE: Call with &Edit... - c:\program files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: eicc.edu\myeiccd
Trusted Zone: eiccd-sccm01
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37 192.168.1.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.eiccd.net/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289} - c:\program files (x86)\InstallShield Installation Information\{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-18 20:22:28
ComboFix-quarantined-files.txt 2013-01-19 02:22
ComboFix2.txt 2013-01-18 20:38
.
Pre-Run: 515,042,541,568 bytes free
Post-Run: 514,657,882,112 bytes free
.
- - End Of File - - A6C55405FBF05BA5E2EE82549A9F2119
 
Looks good.

How is computer doing?

=====================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

=========================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

==========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
No just tells me to remove it.

# AdwCleaner v2.106 - Logfile created 01/18/2013 at 20:42:27
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : moradm - KDOLCNU13000JF
# Boot Mode : Normal
# Running from : C:\Users\moradm\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Users\moradm\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\moradm\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1563 octets] - [18/01/2013 20:40:27]
AdwCleaner[S1].txt - [1520 octets] - [18/01/2013 20:42:27]

########## EOF - C:\AdwCleaner[S1].txt - [1580 octets] ##########
 
# AdwCleaner v2.106 - Logfile created 01/18/2013 at 20:40:27
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : moradm - KDOLCNU13000JF
# Boot Mode : Normal
# Running from : C:\Users\moradm\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\Users\moradm\AppData\LocalLow\Conduit
Folder Found : C:\Users\moradm\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16455
[OK] Registry is clean.
-\\ Google Chrome v24.0.1312.52
File : C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1436 octets] - [18/01/2013 20:40:27]
########## EOF - C:\AdwCleaner[R1].txt - [1496 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.4 (01.17.2013:1)
OS: Windows 7 Professional x64
Ran by moradm on Fri 01/18/2013 at 20:58:59.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/18/2013 at 21:09:08.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL Extras logfile created on: 1/18/2013 9:15:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\moradm\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.94 Gb Total Physical Memory | 5.40 Gb Available Physical Memory | 68.03% Memory free
15.87 Gb Paging File | 12.67 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.48 Gb Total Space | 479.32 Gb Free Space | 80.36% Space Free | Partition Type: NTFS
Drive E: | 16.87 Gb Total Space | 2.55 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.68% Space Free | Partition Type: FAT32
Drive H: | 80.00 Gb Total Space | 77.82 Gb Free Space | 97.28% Space Free | Partition Type: NTFS

Computer Name: KDOLCNU13000JF | User Name: moradm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = *

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB7BEF4-6A08-48EF-A3EC-050E39DB093B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{0DE68BF4-A9B5-4A99-8F3B-03674E6DF212}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2D0A448E-9EA5-44F6-BEF3-C2F82362D4C6}" = lport=6129 | protocol=6 | dir=in | name=dameware mini remote control service |
"{3695F97C-237E-4EDB-A659-DB8D6306960D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4D420837-2ACE-4EAF-82D6-BF0CB22357DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59C02012-300E-4681-86E6-99BDB240622B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{81D87C64-2FB0-4885-A6C2-9CAFB8861D52}" = lport=6129 | protocol=6 | dir=in | name=dameware mini remote control service |
"{899D6CED-26C1-415F-830E-5BF785CD9D8F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9C9296A9-957A-4B6B-A64E-519BF3759919}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A81A1D31-5522-43C1-A63E-2132EE2BF8D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9BC0CD0-4A17-4DDB-9DEA-D96AA2B7845C}" = lport=2701 | protocol=6 | dir=in | app=c:\windows\ccm\remctrl\cmrcservice.exe |
"{BDFC1E28-7ABB-4124-8D73-981B3BDCE6FB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C4D96ED2-F478-4969-8831-99C20AC2F8D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D12F8974-1CEF-4167-8DAC-BE55B51FDC44}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD353AEC-C2C5-4491-A34A-DA05CEBEB708}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03770006-AB29-43FC-AE5B-E9F7BFF5E3EE}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{0EFB0269-2194-4D2B-9920-0D48CEA592E7}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1101.401.105\bin64\snac64.exe |
"{26D3404C-1193-4A81-874E-A658D834F2EE}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{38446680-86DB-4424-BB3C-CC52B6DE1B06}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{516E433F-1A17-48C1-88BC-2FA1A2552401}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1101.401.105\bin64\smc.exe |
"{56593BBF-18ED-4299-AAE4-88D9520E7078}" = protocol=6 | dir=in | app=c:\windows\tiremote\tiremoteservice.exe |
"{5EDF767F-7780-4367-A20B-8A99B3282EF7}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{67871E96-B2A9-4BCA-BDE0-6CE479613132}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{69A38363-7B5F-4178-93EF-AC1FC913A504}" = protocol=17 | dir=in | app=c:\program files (x86)\cisco systems\unified personal communicator\cupc.exe |
"{7EE5D1A5-63E6-4E69-BC25-2D7500764A19}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1101.401.105\bin64\smc.exe |
"{84E26FFD-3644-4D08-887E-063886642942}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{8F74DF19-EF30-459C-B41C-3140F3A01159}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{8FED4EA5-8699-4FF3-B6A2-76C190DCF990}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{9C4B02DC-E499-402E-93FB-C6A5FEB0B2BE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\cisco systems\client services framework\cucsf.exe |
"{9DBED4D3-3EFC-439C-B89C-0834B435AFA1}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{A3BDC87F-0089-4E0E-86CA-D4963B92BC44}" = protocol=17 | dir=in | app=c:\windows\tiremote\tiremoteservice.exe |
"{A8A20975-5B5D-43CB-9649-E404A89FA645}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AD73D972-56DB-4F4A-A6C2-BEDB0919A89B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B7AE0454-3F5D-4FF0-BBDB-F08C73108AA4}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{CBAC4106-A9EB-40A2-B039-972809A599C9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\cisco systems\client services framework\cucsf.exe |
"{CCFBD220-8BF0-43D4-ABD0-1608988D4A44}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1101.401.105\bin64\snac64.exe |
"{D7C0AE85-D82E-457A-8329-C6AEB42D203C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DF169A9E-7F66-4931-A127-815F04048E32}" = protocol=6 | dir=in | app=c:\program files (x86)\cisco systems\unified personal communicator\cupc.exe |
"{EA8707FF-EA26-40D4-A9C8-3ECD6A21F44F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{376CBB7C-A86E-400D-8702-ABA2EFDE35D7}" = Microsoft Policy Platform
"{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}" = HP Power Assistant
"{422BA615-2133-4DC0-8673-09C8CC7557F2}" = HP ProtectTools Security Manager
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{4ADBF5BE-7CAF-4193-A1F9-DE6820E68569}" = Symantec Endpoint Protection
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{555ECC75-AB3B-6434-8900-2BBA4F91F107}" = ccc-utility64
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{63E42DE7-C468-31B0-E373-173C67C87B88}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{781F8685-FF55-4D1C-9FC5-797160E418B2}" = Configuration Manager Client
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83DA38AB-1014-41C2-A3CD-E2B93832A71A}" = HP 3D DriveGuard
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}" = SpyHunter
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}" = Privacy Manager for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}" = WMV9/VC-1 Video Playback
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HDD Unlock Wizard_is1" = HDD Unlock Wizard v4.2
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{059FC833-447B-45E8-BA27-0189C4DC2D88}" = Cisco AnyConnect VPN Client
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08F10409-00BB-8843-4813-37FDDD972CB1}" = CCC Help Chinese Standard
"{08FB6F00-7D8D-5474-B70D-607638405BEB}" = CCC Help Korean
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{12379137-5A34-8311-A00C-4571E468F507}" = CCC Help Polish
"{1392513C-F92A-2893-E263-071E943CB4B8}" = Catalyst Control Center InstallProxy
"{1529490E-DC67-A7DA-E7FE-789B929E67F0}" = CCC Help Norwegian
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20976B1F-E910-404D-9261-C16EE7E12DC8}" = HP QuickWeb
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{2E07A6AE-C2EC-05DB-8344-B562E5D9E341}" = CCC Help Swedish
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E918CE9-BDA6-282D-0E19-E11DF8004ABE}" = CCC Help Thai
"{4114A073-7385-4742-8A5E-A5788FAC838F}" = ArcSoft TotalMedia
"{4441B01C-0AF2-6EE7-CDB3-AD0DB41E7147}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B21E4B2-89B8-499D-803A-34ABF929401E}" = HP Connection Manager
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{668643A5-48DD-B0E9-62E1-1FDA18D54F66}" = CCC Help Finnish
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69EA3784-E961-76A2-6C11-7B83AA50E56A}" = CCC Help Czech
"{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}" = HP Documentation
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71543470-E3F8-6A06-08C8-783CD286D2BA}" = CCC Help German
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737DCE46-824C-40BA-8776-81D9D1DB04AB}" = Catalyst Control Center - Branding
"{76BAC71B-00A7-BBFA-5DAE-EEB0DF9F4098}" = CCC Help English
"{76C064E2-BB99-4453-8FDA-42BC01AD0734}" = Control ActiveX del Windows Live Mesh per a connexions remotes
"{7BA6DF02-B094-45D7-A3C9-BE3684253922}" = Urruneko konexioetarako Windows Live Mesh ActiveX kontrola
"{7CF1347C-61F6-C495-127C-912FD6CB432D}" = CCC Help Japanese
"{80C45B94-2BA0-8E23-95A7-8A9FCD836EFD}" = PX Profile Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BE1D9F-FC67-E84E-F73A-BC7125E3B717}" = CCC Help Portuguese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-007A-0403-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-042D-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1EFCBD2-B171-E24D-FAD2-4E711A312DEF}" = CCC Help Danish
"{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}" = Crystal Reports XI Release 2 .NET 2005 Server
"{AB9F8790-4ECB-1BFA-1B80-21DCD40664C3}" = CCC Help Greek
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{AE6BF609-EF6A-8764-85EE-6CC65602D88E}" = CCC Help Chinese Traditional
"{B26B64E8-DB83-7904-2DF9-F92A7ABC14D9}" = Catalyst Control Center Localization All
"{B3E31950-C92F-BCD9-963D-A520887A262A}" = CCC Help Turkish
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE211EBE-AC92-515C-D122-A9DD0BC9FFA9}" = Catalyst Control Center
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6CD49BC-E6A5-F247-0489-F3188F300A8E}" = Catalyst Control Center Profiles Mobile
"{C7C60D93-E5B7-82D7-44A4-E3EE404B56A3}" = CCC Help Dutch
"{CBD548E9-E421-7B51-5732-2F63B37589E2}" = CCC Help French
"{CFC1988A-F492-4BC5-B6F7-683A95718AE9}" = HP ESU for Microsoft Windows 7
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{D7922D23-642E-0649-A3C9-38F9E0FA263E}" = CCC Help Russian
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{DF63FA79-75AE-45D6-715E-81E92F134702}" = CCC Help Italian
"{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}" = HP Support Assistant
"{E2531547-0789-690E-9F12-3EDBDBC64DA8}" = CCC Help Spanish
"{E2F7F731-1A21-4AFE-8B8B-1B6FAD3ACDAE}" = Cisco Unified Personal Communicator
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}" = DameWare NT Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07E6C5F-6AE1-72B3-8659-08E2ABB86DF8}" = Catalyst Control Center Graphics Previews Common
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"EASEUS Partition Master Technician Edition_is1" = EASEUS Partition Master 9.1.0 Technician Edition
"EMCO Remote Desktop Professional_is1" = EMCO Remote Desktop Professional
"ESET Online Scanner" = ESET Online Scanner v3
"ExamView Player" = ExamView Player
"ExamView Pro" = ExamView Assessment Suite
"FUSION WOL_is1" = FUSION WOL v1.0
"ImgBurn" = ImgBurn
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McGraw-Hill EZ Test" = McGraw-Hill EZ Test
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"My HP Game Console" = HP Game Console
"Notepad++" = Notepad++
"Numara Track-It! Agent" = Numara Track-It! 10.5 Agent
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF Complete" = PDF Complete Special Edition
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"SMS Admin UI" = Microsoft System Center Configuration Manager 2007 Console
"VIP Access SDK" = VIP Access SDK x64(1.0.0.50)
"WildTangent hp Master Uninstall" = HP Games
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"XobniMain" = Xobni

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-131294493-1449412943-965413785-16775\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"889bab5aedeb1341" = Numara Track-It! Technician Client
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2013 11:12:30 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12a0 Start
Time: 01cdf5f2937a5636 Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

[ Cisco AnyConnect VPN Client Events ]
Error - 1/18/2013 3:58:25 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:25 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522804
(0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:25 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1236 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522804
(0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::postConnectProcessing File: .\IPC\SocketTransport.cpp
Line:
1337 Invoked Function: ::WSAConnect Return Code: 10061 (0x0000274D) Description: No
connection could be made because the target machine actively refused it.

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522804
(0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1236 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522804
(0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

[ Hewlett-Packard Events ]
Error - 3/22/2012 10:11:14 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031222091111.xml
File not created by asset agent

Error - 4/4/2012 6:35:52 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041204053549.xml
File not created by asset agent

Error - 8/16/2012 10:14:24 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081216091421.xml
File not created by asset agent

Error - 11/14/2012 7:13:37 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111214051334.xml
File not created by asset agent

Error - 11/14/2012 7:13:39 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111214051337.xml
File not created by asset agent

Error - 11/29/2012 12:23:36 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. Configurator

at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 12/6/2012 11:02:28 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121206090225.xml
File not created by asset agent

[ HP Connection Manager Events ]
Error - 9/20/2012 6:59:13 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpMobile | ID = 5
Description = 2012/09/20 17:59:13.254|00000B50|Error |[HP.Mobile]Lan::.ctor{}|Value
cannot be null. Parameter name: o

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ HP Power Assistant Events ]
Error - 11/15/2012 8:33:40 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1006
Description = The Power Assistant service has crashed due to an unhandled exception.
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Exception has been thrown by the target of an invocation.ServiceWorkerMethod
ABORTED! -

Error - 11/15/2012 8:33:40 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS The remote procedure call failed and did not execute.

Error - 11/15/2012 8:34:04 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS The type initializer for 'hpCasl.Command' threw an exception.

Error - 11/15/2012 8:34:04 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS The type initializer for 'hpCasl.Command' threw an exception.

Error - 11/15/2012 8:34:04 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1006
Description = The Power Assistant service has crashed due to an unhandled exception.
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Exception has been thrown by the target of an invocation.ServiceWorkerMethod
ABORTED! -

Error - 1/10/2013 11:34:16 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS The handle is invalid.

Error - 1/16/2013 1:50:39 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS The type initializer for 'hpCasl.Command' threw an exception.

Error - 1/16/2013 1:50:39 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS The type initializer for 'hpCasl.Command' threw an exception.

Error - 1/16/2013 1:50:40 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1006
Description = The Power Assistant service has crashed due to an unhandled exception.
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Exception has been thrown by the target of an invocation.ServiceWorkerMethod
ABORTED! -

Error - 1/16/2013 1:50:42 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS The handle is invalid.

[ Symantec Endpoint Protection Client Events ]
Error - 11/12/2012 3:46:16 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!CainAbel in File: c:\program files (x86)\cain\winrtgen\lm_all-space#1-7_0_2400x40000000_oxid#000.rt
by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

Error - 11/12/2012 5:18:19 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied

Error - 11/13/2012 1:52:09 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied

Error - 11/13/2012 6:08:41 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied

Error - 11/14/2012 10:56:35 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied

Error - 1/18/2013 12:01:49 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711753
Description = SONAR has generated an error: code 1: description: Heuristic Scan
or Load Failure

Error - 1/18/2013 1:43:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!SecurityRisk.Downldr in File: C:\Users\moradm\AppData\Local\Updater21804\Updater21804.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 3:07:01 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!SecurityRisk.Downldr in File: C:\Users\moradm\AppData\Local\Updater21804\Updater21804.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 10:56:34 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!WS.Reputation.1 in File: C:\Users\moradm\Desktop\JRT.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.


< End of report >
 
OTL logfile created on: 1/18/2013 9:15:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\moradm\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.94 Gb Total Physical Memory | 5.40 Gb Available Physical Memory | 68.03% Memory free
15.87 Gb Paging File | 12.67 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.48 Gb Total Space | 479.32 Gb Free Space | 80.36% Space Free | Partition Type: NTFS
Drive E: | 16.87 Gb Total Space | 2.55 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.68% Space Free | Partition Type: FAT32
Drive H: | 80.00 Gb Total Space | 77.82 Gb Free Space | 97.28% Space Free | Partition Type: NTFS

Computer Name: KDOLCNU13000JF | User Name: moradm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/18 21:14:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\moradm\Downloads\OTL.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/08 09:40:08 | 000,137,208 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
PRC - [2012/06/15 08:19:52 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2012/05/04 09:21:18 | 000,210,944 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIRemoteService.exe
PRC - [2012/02/20 03:00:00 | 000,636,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\SCNotification.exe
PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2011/04/05 12:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/10 18:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/02/07 12:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011/02/07 12:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011/02/01 02:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/01/28 16:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/01/28 10:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011/01/26 11:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 11:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/18 14:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011/01/18 14:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/01/17 13:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/01/17 13:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/12 12:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2011/01/10 13:05:38 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/01/06 21:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010/11/29 13:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/11/20 06:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/11 01:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2009/02/04 14:35:00 | 000,078,848 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE
PRC - [2009/02/04 14:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/26 10:06:41 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/26 10:06:40 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6735246d68993bee06abd24deeb32983\IAStorUtil.ni.dll
MOD - [2012/11/26 10:06:40 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0beca50c12eaf6f0bff6236eb72cc36e\IAStorCommon.ni.dll
MOD - [2012/11/26 09:44:16 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/26 09:44:11 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/26 09:43:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/26 09:43:47 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/26 09:43:37 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/26 09:43:32 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/26 09:43:30 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/26 09:43:29 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/26 09:43:22 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/26 09:32:28 | 000,900,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SCNotification\381b6da32026b93dea31b34e05fbf0c7\SCNotification.ni.exe
MOD - [2012/11/26 09:32:26 | 000,479,744 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\9d9c3a212409e50608eb095ab6eeb324\SCClient.Data.ni.dll
MOD - [2012/11/26 09:32:26 | 000,436,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\182c99d50f13cdef0e2eebb47bd1e708\SCClient.Common.ni.dll
MOD - [2012/11/26 09:32:22 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d0dc33658e23a6f960c46a5beab7ecf\System.Management.ni.dll
MOD - [2012/11/26 09:32:21 | 001,838,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\da70ab23582f4ebf61a2d551a390afcf\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/26 09:31:53 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\fff1287f12f1ab73c271386342224a3a\System.Runtime.Remoting.ni.dll
MOD - [2012/11/26 09:31:43 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012/11/26 09:18:16 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012/11/26 09:18:05 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012/11/26 09:17:56 | 003,858,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012/11/26 09:09:24 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012/11/26 09:09:21 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/26 09:09:19 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/26 09:09:16 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012/11/26 09:09:16 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/26 09:09:14 | 009,093,632 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/26 09:09:08 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2011/05/02 13:08:04 | 000,868,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/12/06 16:22:22 | 000,050,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV:64bit: - [2011/12/06 16:22:22 | 000,050,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV:64bit: - [2011/03/28 00:44:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/11 21:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011/02/09 12:28:12 | 001,318,912 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011/01/28 10:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2011/01/27 03:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/26 19:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/01/26 17:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/21 20:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 04:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/01/09 13:20:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/08 09:40:10 | 002,601,544 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe -- (SmcService)
SRV - [2012/10/08 09:40:10 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe -- (SNAC)
SRV - [2012/10/08 09:40:08 | 000,137,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2012/06/15 08:19:52 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/04 09:21:18 | 000,210,944 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
SRV - [2012/05/03 16:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012/03/08 13:04:27 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/08 13:03:24 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012/02/20 03:00:00 | 001,684,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2012/02/20 03:00:00 | 000,605,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2012/02/20 03:00:00 | 000,374,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2011/04/05 12:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/07 14:48:10 | 000,062,184 | ---- | M] (Xobni Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/02/07 12:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011/02/03 16:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011/02/01 02:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/01/28 16:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 11:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/21 20:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/18 14:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/01/17 13:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/17 13:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/12 12:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2011/01/10 13:05:38 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/01/06 21:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/01/06 21:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/29 13:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/11/11 01:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/04 14:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/08 10:53:05 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/08 10:52:21 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/08 09:40:12 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/10/08 09:40:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2012/10/08 09:40:11 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/08 09:40:11 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/10/08 09:40:11 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/10/08 09:40:11 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/10/08 09:40:10 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2012/05/03 16:52:02 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2012/05/03 16:52:00 | 000,048,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2012/05/03 16:51:54 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2012/05/03 16:51:52 | 000,058,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 01:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/29 12:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 12:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/07/14 16:18:52 | 000,157,184 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/04/25 01:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/03/30 01:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AE1200w764.sys -- (Linksys_adapter_H)
DRV:64bit: - [2011/03/28 01:14:48 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/28 00:09:12 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/24 13:35:36 | 000,019,968 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzjoystk.sys -- (rzjoystk)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011/02/09 12:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011/02/07 08:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011/01/31 04:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/27 03:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/26 23:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/01/26 17:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/26 17:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/01/12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/10 12:52:06 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/01/08 09:16:24 | 002,698,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/01/06 21:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/01/06 21:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/01/06 21:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/01/06 21:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/01/06 21:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/01/06 21:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/01/06 21:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/21 11:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010/12/02 18:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/30 10:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 07:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 07:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 05:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/11 01:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 14:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/07 14:44:10 | 000,136,192 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\archlp.sys -- (archlp)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/02/15 04:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)
DRV - [2013/01/16 12:27:28 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20130117.025\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 12:27:27 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20130117.025\eng64.sys -- (NAVENG)
DRV - [2012/11/14 12:54:56 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20130107.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/11/13 13:58:43 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20130117.011\IDSviA64.sys -- (IDSVia64)
DRV - [2012/10/08 09:40:10 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2012/10/07 22:46:46 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/10/07 22:46:46 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/20 03:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2011/07/29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-131294493-1449412943-965413785-16775\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prod.campuscruiser.com/eicc/
IE - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-131294493-1449412943-965413785-16775\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\moradm\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\moradm\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/05/02 13:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFFPlgn\ [2013/01/18 20:44:11 | 000,000,000 | ---D | M]

[2013/01/18 11:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\moradm\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\moradm\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\moradm\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\moradm\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\moradm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Bitdefender QuickScan = C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Gmail = C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/01/18 20:20:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-131294493-1449412943-965413785-16775..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 0
O7 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: C&all - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm ()
O8:64bit: - Extra context menu item: Call with &Edit... - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm ()
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: C&all - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm ()
O8 - Extra context menu item: Call with &Edit... - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: eicc.edu ([myeiccd] https in Trusted sites)
O15:64bit: - ..Trusted Domains: eiccd.net ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: eiccd.net ([eiccd-otis] http in Local intranet)
O15:64bit: - ..Trusted Domains: eiccd.net ([www] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eicc.edu ([myeiccd] https in Trusted sites)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([]* in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([eiccd-otis] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([www] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd-sccm01 ([]http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://webvpn.eiccd.net/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.209.37 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eiccd.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57CE51FB-1D82-40CA-96D9-F8F1BE244E45}: DhcpNameServer = 97.64.183.164 97.64.209.37 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60012E08-59CC-4FB9-94F5-F01FE28B220C}: DhcpNameServer = 192.168.42.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/17 14:23:56 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 20:58:57 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/01/18 20:58:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/18 20:44:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/18 19:12:36 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/01/18 19:10:52 | 000,000,000 | ---D | C] -- C:\Users\moradm\Documents\mbar-1.01.0.1016
[2013/01/18 19:05:04 | 000,000,000 | ---D | C] -- C:\Users\moradm\Desktop\RK_Quarantine
[2013/01/18 16:32:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\moradm\Desktop\dds.com
[2013/01/18 15:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/01/18 13:07:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/01/18 13:07:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/01/18 13:07:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/01/18 13:07:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/18 13:07:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/01/18 11:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vigator Guardian
[2013/01/18 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DataSorption
[2013/01/18 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\moradm\AppData\Local\Coupon Companion Plugin
[2013/01/18 11:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla FireFox
[2013/01/18 00:28:53 | 000,000,000 | ---D | C] -- C:\Users\moradm\AppData\Roaming\Curiolab
[2013/01/17 17:42:57 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/01/17 14:21:42 | 000,000,000 | ---D | C] -- C:\Users\moradm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/01/17 11:57:01 | 000,000,000 | ---D | C] -- C:\Users\moradm\AppData\Local\Programs
[2013/01/08 13:55:40 | 000,000,000 | ---D | C] -- C:\windows\SysNative\%LOCALAPPDATA%
[2013/01/02 16:31:45 | 000,000,000 | ---D | C] -- C:\Users\moradm\Desktop\Deploy media
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/18 20:51:58 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 20:51:58 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 20:48:42 | 000,811,050 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/18 20:48:42 | 000,684,702 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/18 20:48:42 | 000,129,668 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/18 20:46:55 | 000,000,582 | ---- | M] () -- C:\windows\SMSCFG.ini
[2013/01/18 20:44:39 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013/01/18 20:43:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/18 20:43:36 | 4226,138,111 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 20:39:07 | 000,574,677 | ---- | M] () -- C:\Users\moradm\Desktop\adwcleaner.exe
[2013/01/18 20:20:22 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/01/18 20:20:05 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/18 19:38:19 | 406,851,901 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/01/18 19:03:17 | 000,764,416 | ---- | M] () -- C:\Users\moradm\Desktop\RogueKiller.exe
[2013/01/18 16:30:42 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\moradm\Desktop\dds.com
[2013/01/17 21:09:54 | 001,240,260 | ---- | M] () -- C:\Users\moradm\AppData\Local\census.cache
[2013/01/17 21:09:48 | 000,147,790 | ---- | M] () -- C:\Users\moradm\AppData\Local\ars.cache
[2013/01/17 14:59:16 | 000,000,065 | -H-- | M] () -- C:\TrackitAudit.id
[2013/01/17 14:23:56 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/01/17 11:57:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/16 15:17:06 | 000,011,607 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/16 13:52:45 | 000,002,006 | -H-- | M] () -- C:\Users\moradm\Documents\Default.rdp
[2013/01/15 14:05:41 | 000,002,375 | ---- | M] () -- C:\Users\moradm\Desktop\Google Chrome.lnk
[2013/01/09 13:20:21 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 13:20:21 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 10:53:05 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/08 10:53:05 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/08 10:53:05 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/08 10:52:21 | 000,288,176 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\SymVPN.dll
[2013/01/08 10:52:21 | 000,119,816 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SysPlant.sys
[2013/01/08 10:52:21 | 000,081,840 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\FwsVpn.dll
[2013/01/08 10:52:21 | 000,042,632 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\WGX64.SYS
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/18 20:39:06 | 000,574,677 | ---- | C] () -- C:\Users\moradm\Desktop\adwcleaner.exe
[2013/01/18 19:12:29 | 406,851,901 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/01/18 19:03:17 | 000,764,416 | ---- | C] () -- C:\Users\moradm\Desktop\RogueKiller.exe
[2013/01/18 13:07:42 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/01/18 13:07:42 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/01/18 13:07:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/01/18 13:07:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/01/18 13:07:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/01/17 14:23:56 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/01/14 16:38:47 | 003,774,076 | ---- | C] () -- C:\Users\moradm\Desktop\Trainers Guide Final.pdf
[2012/11/14 13:00:02 | 000,000,111 | ---- | C] () -- C:\windows\ODBC.INI
[2012/10/25 15:21:12 | 000,000,713 | ---- | C] () -- C:\windows\SysWow64\DWRCCMDError.ini
[2012/09/12 08:13:42 | 000,102,400 | ---- | C] () -- C:\windows\RegBootClean.exe
[2012/09/11 20:18:06 | 001,240,260 | ---- | C] () -- C:\Users\moradm\AppData\Local\census.cache
[2012/09/11 20:17:29 | 000,147,790 | ---- | C] () -- C:\Users\moradm\AppData\Local\ars.cache
[2012/09/11 20:03:31 | 000,000,036 | ---- | C] () -- C:\Users\moradm\AppData\Local\housecall.guid.cache
[2012/08/21 15:29:45 | 000,000,218 | ---- | C] () -- C:\Users\moradm\.recently-used.xbel
[2012/08/21 15:23:03 | 000,019,840 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2012/08/21 15:23:02 | 002,469,760 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2012/08/21 15:23:02 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2012/08/21 15:23:02 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2012/08/21 15:23:02 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2012/06/14 08:08:08 | 000,094,208 | ---- | C] () -- C:\windows\TIRHService.exe
[2012/03/08 16:08:00 | 000,001,198 | ---- | C] () -- C:\Users\moradm\AppData\Roaming\evmanage.prf
[2012/03/08 13:03:27 | 000,000,000 | ---- | C] () -- C:\windows\eDrawingOfficeAutomator.INI
[2012/02/13 15:56:39 | 000,000,017 | ---- | C] () -- C:\Users\moradm\AppData\Local\resmon.resmoncfg
[2012/01/31 19:12:00 | 000,003,604 | ---- | C] () -- C:\Users\moradm\AppData\Roaming\evpro32.prf
[2012/01/31 19:04:27 | 000,000,074 | ---- | C] () -- C:\Users\moradm\AppData\Roaming\evplay.prf
[2012/01/05 00:17:17 | 000,000,582 | ---- | C] () -- C:\windows\SMSCFG.ini
[2012/01/03 12:07:14 | 000,002,398 | RHS- | C] () -- C:\Users\moradm\ntuser.pol
[2012/01/03 12:05:47 | 000,011,607 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/25 02:51:27 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdebged.sys
[2011/07/25 02:40:15 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/07/25 02:37:32 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011/07/25 02:36:28 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/07/25 02:36:28 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011/05/02 13:37:42 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdebcdf.sys
[2011/05/02 13:21:48 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2011/05/02 13:15:57 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdebcch.sys
[2011/05/02 12:48:37 | 000,803,188 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/28 13:10:12 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/03/17 11:05:12 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/02/25 16:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011/02/11 21:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011/02/11 21:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011/02/11 21:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011/02/11 21:04:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011/02/09 22:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini
[2011/02/03 16:09:24 | 000,366,176 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011/02/02 21:49:02 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011/02/02 21:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011/02/02 21:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011/01/29 17:49:32 | 000,017,232 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011/01/26 23:55:20 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/01/26 23:55:20 | 000,213,332 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/01/26 23:55:20 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/01/22 13:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O4 - HKLM..\Run: [] File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O15:64bit: - ..Trusted Domains: eicc.edu ([myeiccd] https in Trusted sites)
O15:64bit: - ..Trusted Domains: eiccd.net ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: eiccd.net ([eiccd-otis] http in Local intranet)
O15:64bit: - ..Trusted Domains: eiccd.net ([www] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eicc.edu ([myeiccd] https in Trusted sites)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([]* in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([eiccd-otis] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([www] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd-sccm01 ([]http in Trusted sites)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

============================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Ok so bit of a problem with the OTL fix file. My notepad is not working...ie it has a icon on the taskbar and it seems the file is open, but I can not open it. I have been just closing the files and using notepad++ to open and paste to you. But with this one I cannot find it anywhere. should I re-run? or move on with scans?
 
No ...notepad will not open on the PC.
I have been using notepad++ to copy and paste to you.
I can find notepad it will just not work.
I cannot find the last log file for OTL when you had me run the fix.
It restarted the PC and when it came up the notepad icon was on the taskbar but would not maximize or let me peek at it.
I cannot find the log file to open it with notepad++.
 
We have to get Notepad to work.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code: 
    :filefind
notepad.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 22:19 on 18/01/2013 by moradm
Administrator - Elevation successful

========== filefind ==========

Searching for "notepad.exe"
C:\Windows\notepad.exe--a---- 193536 bytes[23:56 13/07/2009][01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\System32\notepad.exe--a---- 193536 bytes[23:56 13/07/2009][01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\SysWOW64\notepad.exe--a---- 179712 bytes[23:41 13/07/2009][01:14 14/07/2009] D378BFFB70923139D6A4F546864AA61C
C:\Windows\winsxs\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16385_none_9ebebe8614be1470\notepad.exe--a---- 193536 bytes[23:56 13/07/2009][01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a\notepad.exe--a---- 193536 bytes[23:56 13/07/2009][01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\winsxs\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_d5642974be118415\notepad.exe--a---- 179712 bytes[23:41 13/07/2009][01:14 14/07/2009] D378BFFB70923139D6A4F546864AA61C

-= EOF =-
 
Status
Not open for further replies.

Similar threads

I
  • Locked
Inactive Virus or rootkit on Windows and Linux
Replies
9
Views
2K
Broni
Broni
A
Intel proposes the x86-S architecture for a simpler, more efficient CPU instruction set
Replies
16
Views
825
punctualturn
P
A
DOS_Deck runs PC retro games in a browser and Steam Deck
Replies
3
Views
305
TheBigT42
TheBigT42

Latest posts

Back