
Hijack.ControlPanelStyle Infection



#1
willmon2000

I've tried removing the virus with Malwarebytes and any registry keys with RogueKiller. However, after I remove the infections and reboot, Malwarebytes still finds the same three infections.


#2
willmon2000

OTL logfile created on: 5/23/2013 11:21:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ihale\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.17 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 50.35% Memory free
6.33 Gb Paging File | 5.06 Gb Available in Paging File | 79.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118.95 Gb Total Space | 79.68 Gb Free Space | 66.99% Space Free | Partition Type: NTFS

Computer Name: SCALAP0099 | User Name: TurnerAdmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/23 11:21:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ihale\Desktop\OTL.exe
PRC - [2013/04/25 11:19:32 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/12/14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/12/14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2012/12/11 11:30:54 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\ihale\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/04 07:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/08/24 09:49:12 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2012/08/24 09:49:10 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2012/08/24 09:49:07 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2012/08/24 09:49:07 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2012/08/24 09:49:05 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2012/02/10 09:28:48 | 000,167,584 | ---- | M] (Bluebeam Software, Inc.) -- C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
PRC - [2012/01/20 22:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/06/01 06:10:24 | 007,377,784 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/06/01 06:10:24 | 002,345,848 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/21 18:14:56 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2011/02/21 18:14:54 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2011/02/21 18:14:54 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2011/02/21 18:14:54 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2011/02/21 18:14:48 | 000,072,296 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2010/02/25 06:04:40 | 000,263,536 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
PRC - [2010/02/25 06:04:40 | 000,226,672 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
PRC - [2009/11/17 10:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/10 08:40:40 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/03/16 22:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 13:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/04/25 11:19:32 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/08/24 09:49:12 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2012/08/24 09:49:12 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2012/08/24 09:49:07 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2012/08/24 09:49:07 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2012/08/24 09:49:05 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/06/01 06:10:24 | 002,345,848 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/02/21 18:14:48 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2010/02/25 06:04:40 | 000,263,536 | ---- | M] (SAP AG) [Auto | Running] -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc)
SRV - [2009/11/17 10:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/09/18 02:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 02:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/06/30 14:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2013/05/23 10:26:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/05/21 01:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130523.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/21 01:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130523.003\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/24 09:49:37 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/08/24 09:49:13 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2012/08/24 09:49:13 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2012/08/24 09:49:12 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2012/08/24 09:48:57 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2012/08/15 12:26:06 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/15 12:26:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/01 14:32:08 | 007,513,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011/02/21 18:15:06 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2011/02/21 18:15:00 | 000,012,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcm.sys -- (tcm)
DRV - [2011/02/21 18:14:54 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/02/21 18:14:54 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2011/02/21 18:14:52 | 000,396,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV - [2011/02/21 18:14:52 | 000,361,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV - [2011/02/21 18:14:52 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelser2.sys -- (NWDellPort2)
DRV - [2011/02/21 18:14:52 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelser.sys -- (NWDellPort)
DRV - [2011/02/21 18:14:52 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr)
DRV - [2011/02/21 18:14:52 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis)
DRV - [2011/02/21 18:14:50 | 000,191,488 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelserial.sys -- (nwdelserial)
DRV - [2011/02/21 18:14:50 | 000,087,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\d554gps.sys -- (d554gps)
DRV - [2011/02/21 18:14:50 | 000,027,264 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelgobi3kfilter.sys -- (nwdelgobi3kfilter)
DRV - [2011/02/21 18:14:48 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011/02/21 18:14:48 | 000,063,848 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR)
DRV - [2011/02/21 18:14:48 | 000,062,440 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\O2MDRw7.sys -- (O2MDRRDR)
DRV - [2011/02/21 18:14:48 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2011/02/21 18:14:48 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR)
DRV - [2011/02/21 18:14:48 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/02/21 18:14:44 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/11/20 14:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 14:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 14:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/28 05:41:02 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2010/08/20 09:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2009/11/17 10:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/09/18 02:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 16:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 15:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2008/11/16 16:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/05/06 14:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 E4 50 57 D7 57 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)



O1 HOSTS File: ([2013/05/23 11:12:58 | 000,000,841 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [GoToMeetingInstall1132] C:\Program Files\Citrix\GoToMeeting\1132\G2MInstaller.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\1132\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.26)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.18.90.13 172.18.2.74 172.18.2.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcco.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B105ED49-0D38-47DE-8837-24A4289EE9A7}: DhcpNameServer = 172.18.90.13 172.18.2.74 172.18.2.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C26FC5FB-9720-44CF-A4AC-F632778123E3}: DhcpNameServer = 172.18.90.13 172.18.2.74 172.18.2.75
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 10:12:43 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/05/23 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Malwarebytes
[2013/05/23 10:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/23 10:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/23 10:12:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/05/23 10:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/23 10:12:22 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Local\Programs
[2013/05/23 10:02:44 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Adobe
[2013/05/23 10:01:46 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Documents\New folder
[2013/05/23 10:01:26 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
[2013/05/23 10:01:24 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\ICAClient
[2013/05/23 10:01:20 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Local\Symantec
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Local\Temporary Internet Files
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\Templates
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\Start Menu
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\SendTo
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\Recent
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\PrintHood
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\NetHood
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\Documents\My Videos
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\Documents\My Pictures
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\Documents\My Music
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\My Documents
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\Local Settings
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Local\History
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\Cookies
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\Application Data
[2013/05/23 10:01:19 | 000,000,000 | -HSD | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Local\Application Data
[2013/05/23 10:01:18 | 000,000,000 | --SD | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Microsoft
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Videos
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Searches
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Saved Games
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Pictures
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Music
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Links
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Favorites
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Downloads
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Documents
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Desktop
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Contacts
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/23 10:01:18 | 000,000,000 | R--D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/23 10:01:18 | 000,000,000 | -H-D | C] -- C:\Users\TurnerAdmin.SCALAP0099\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/23 10:01:18 | 000,000,000 | -H-D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData
[2013/05/23 10:01:18 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Local\Temp
[2013/05/23 10:01:18 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Local\Microsoft Help
[2013/05/23 10:01:18 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Local\Microsoft
[2013/05/23 10:01:18 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Media Center Programs
[2013/05/23 10:01:18 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Identities
[2013/05/23 10:01:18 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Local\Apple
[2013/05/23 10:01:18 | 000,000,000 | ---D | C] -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Local\Adobe
[2013/04/25 11:19:32 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/04/25 11:19:32 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/04/23 15:42:22 | 000,090,112 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\KOBDrvAPIIF.DLL
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/23 11:15:29 | 000,051,141 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/05/23 11:15:28 | 000,000,393 | ---- | M] () -- C:\WINDOWS\SMSCFG.INI
[2013/05/23 11:14:57 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/23 11:14:50 | 2549,719,040 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 11:04:58 | 000,661,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/23 11:04:58 | 000,121,290 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/23 11:03:49 | 000,019,120 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 11:03:49 | 000,019,120 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 10:32:32 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/23 10:26:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/05/23 10:12:35 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/23 10:01:26 | 000,001,354 | ---- | M] () -- C:\Users\TurnerAdmin.SCALAP0099\Desktop\GoToMeeting.lnk
[2013/05/23 10:01:22 | 000,001,419 | ---- | M] () -- C:\Users\TurnerAdmin.SCALAP0099\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/23 10:01:20 | 000,000,444 | RHS- | M] () -- C:\Users\TurnerAdmin.SCALAP0099\ntuser.pol
[2013/05/08 08:34:36 | 000,000,302 | ---- | M] () -- C:\WINDOWS\ricdb.ini
[2013/04/25 11:19:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/04/25 11:19:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/23 10:12:35 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/23 10:01:26 | 000,001,354 | ---- | C] () -- C:\Users\TurnerAdmin.SCALAP0099\Desktop\GoToMeeting.lnk
[2013/05/23 10:01:22 | 000,001,419 | ---- | C] () -- C:\Users\TurnerAdmin.SCALAP0099\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/23 10:01:18 | 000,001,425 | ---- | C] () -- C:\Users\TurnerAdmin.SCALAP0099\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/23 10:01:18 | 000,000,444 | RHS- | C] () -- C:\Users\TurnerAdmin.SCALAP0099\ntuser.pol
[2013/05/23 10:01:18 | 000,000,290 | ---- | C] () -- C:\Users\TurnerAdmin.SCALAP0099\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/23 10:01:18 | 000,000,272 | ---- | C] () -- C:\Users\TurnerAdmin.SCALAP0099\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/25 11:19:33 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/19 15:31:44 | 000,032,768 | ---- | C] ( ) -- C:\WINDOWS\System32\RC00C140.dll
[2013/02/19 15:31:44 | 000,000,302 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2013/02/19 15:31:44 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2012/08/27 13:27:37 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/08/24 09:41:59 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2012/08/24 09:41:59 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2012/08/24 09:41:59 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2012/08/24 09:41:59 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2012/08/24 09:41:59 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2012/08/24 09:41:58 | 000,002,344 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2012/08/24 09:27:57 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2012/08/24 09:27:04 | 000,000,393 | ---- | C] () -- C:\WINDOWS\SMSCFG.INI
[2012/08/24 09:17:38 | 000,012,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\tcm.sys
[2012/08/24 09:16:35 | 000,963,116 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2012/08/24 09:16:31 | 000,218,304 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2012/08/24 09:16:31 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012/08/24 09:16:28 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\igdde32.dll
[2012/08/24 09:16:26 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2012/08/24 09:16:25 | 013,356,032 | ---- | C] () -- C:\WINDOWS\System32\ig4icd32.dll
[2012/08/24 09:16:25 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\IccLibDll.dll
[2012/06/28 10:05:30 | 000,678,912 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam Javascript Library.dll
[2012/06/28 10:04:46 | 000,246,272 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam JPX Library.dll
[2012/06/28 10:04:42 | 012,828,672 | R--- | C] () -- C:\WINDOWS\System32\BGP905A.dll
[2011/06/08 11:10:18 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2011/06/08 09:04:31 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/06/08 09:02:44 | 000,051,141 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 14:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >




Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.23.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
ihale :: SCALAP0099 [limited]

5/23/2013 11:15:47 AM
MBAM-log-2013-05-23 (11-25-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175908
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: wuaucpl.cpl -> No action taken.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



OTL Extras logfile created on: 5/23/2013 11:21:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ihale\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.17 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 50.35% Memory free
6.33 Gb Paging File | 5.06 Gb Available in Paging File | 79.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118.95 Gb Total Space | 79.68 Gb Free Space | 66.99% Space Free | Partition Type: NTFS

Computer Name: SCALAP0099 | User Name: TurnerAdmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.scr [@ = DWGTrueViewScriptFile] -- "" "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%programfiles%\Altiris\Aclient\AClntusr.exe" = %programfiles%\Altiris\Aclient\AClntusr.exe
"%programfiles%\Microsoft ActiveSync\WCESCOMM.EXE:*:enabled:Connection Manager" = %programfiles%\Microsoft ActiveSync\WCESCOMM.EXE:*:enabled:Connection Manager
"%programfiles%\Microsoft Office\Office11\OUTLOOK.EXE:*:enabled:Outlook" = %programfiles%\Microsoft Office\Office11\OUTLOOK.EXE:*:enabled:Outlook
"%programfiles%\neoteris\secure application manager\gapsvc.exe:*:enabled:ASM Proxy" = %programfiles%\neoteris\secure application manager\gapsvc.exe:*:enabled:ASM Proxy

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"2000:TCP:*:enabled:DA Remote Management" = 2000:TCP:*:enabled:DA Remote Management
"2701:TCP:*:enabled:SCCM Remote Control" = 2701:TCP:*:enabled:SCCM Remote Control
"2702:TCP:*:enabled:SCCM Remote Control" = 2702:TCP:*:enabled:SCCM Remote Control
"2967:TCP:*:enabled:SAV" = 2967:TCP:*:enabled:SAV
"33345:UDP:*:Symantec AntiVirus Corporate Edition" = 33345:UDP:*:Symantec AntiVirus Corporate Edition

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"%programfiles%\Altiris\Aclient\AClntusr.exe" = %programfiles%\Altiris\Aclient\AClntusr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"2000:TCP:*:enabled:DA Remote Management" = 2000:TCP:*:enabled:DA Remote Management
"2967:TCP:*:enabled:SAV" = 2967:TCP:*:enabled:SAV

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BBF7FF1-2DEA-428C-9BE1-C31E1B908095}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{217FA1D1-A905-4A62-AA0C-6F63B517B08A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{88D9F294-8ACF-4874-9036-ABB71134AE2B}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{F682C3E4-27C6-428A-BDC1-3E7F254F08C3}" = lport=3389 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D40FC02-BB8A-4264-BCFD-C0CDE1CE2215}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{0E0EAE53-19D1-4A59-B58E-A11D0433731A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{23CC7C74-A926-48D1-A30D-01D1E47460C0}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{26B98818-0522-4589-BF7E-5B1519422465}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{2F02722B-FD72-4514-B3EA-0A1D554C801C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3F2BEA42-F579-4AB1-AB94-9FBC1B2EA025}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{4424B3C6-9CAB-46BE-B207-233D4903B60A}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{62FF1D97-6FCF-46B3-9226-7D80031575E9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{7B606B8D-CD61-4175-8E1D-C9C859AD6345}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{8863BA9F-A1EE-406D-B640-0DD81905BED6}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{8AA6EC04-AB64-4C6D-8F6E-2EE5E7E32D38}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{AC2AB56E-5D76-48A8-A50D-363FFA60471F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BCEADE5D-4B37-419B-9790-F074DE1A1583}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{D35E0E2E-B51D-4626-8F31-236B55EF806D}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B713FB6-CB84-48C0-88B9-3C839F4AF967}" = GoToMeeting 5.5.1132 IT Installer
"{1F97432A-7823-4367-90C2-B586246D7BC0}" = Bluebeam Revu 10
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Turner VPN Client June 2010
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{27EFA494-3C6A-4DC1-A3C0-B2A4A9B6B6ED}" = BPC
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFE837C-A05E-49EA-81D7-3A167FA8858F}" = Cisco WebEx Meeting Center for Internet Explorer
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{41E8192A-115B-473E-8FAA-336F8BC85874}" = RxFilters3D
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4E2FDB44-2840-4B09-BAD4-827C465B8226}" = Swiss Fonts
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BF1A952-17D0-4C3A-910D-03C7E13ACEDF}" = Meridian Systems Prolog WebSite 2007 R2 Client
"{6C64AB8C-F78B-45C0-98E3-6DE9702E0225}" = Microsoft Office Live Meeting 2007
"{73A98F4D-0234-4897-A9AE-5AF58950A5C1}" = SAP
"{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}" = Online Plug-in
"{82965C3C-43ED-4A69-B1D2-FC118197195B}" = Planning and Consolidation Client version for SAP Netweaver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CC6F291-506D-450F-9895-93C05142DD27}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies
"{90140000-1146-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies
"{9223BBDE-693D-4B5F-A1DE-C40C7D2E4C89}" = Adobe Flash Player 11 ActiveX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B4157DE8-01D8-485E-9EE0-FFB021CA76BA}" = Meridian Systems Prolog Website 2007 R2 File Management Control
"{B85C9AAB-3F14-4012-82D5-D58E31C3B022}" = Turner Application Updates Dec 2010
"{BEF5B614-5652-49B5-90A0-7F47DABA0E9F}" = LEGATO EmailXtender Shortcut Addin 4.81
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAFECAFE-0013-0001-0126-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.26
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDAA8E70-36AB-451E-9A6C-23118B5185BD}" = SAPLogon.ini 3_14_12
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86
"{E293D740-690F-4451-A536-F09AEB78B7D1}" = Prolog Submittal Registers
"{E42BDBF9-6466-41F5-BD88-E1401DE992C5}" = Turner DeepLinks
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"InstallShield_{1F97432A-7823-4367-90C2-B586246D7BC0}" = Bluebeam Revu 10
"InstallShield_{82965C3C-43ED-4A69-B1D2-FC118197195B}" = Planning and Consolidation Client version for SAP Netweaver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RWD Info Pak - Help Launchpad ActiveX" = RWD Info Pak - Help Launchpad ActiveX
"SAP_ECL" = ECL Viewer
"SAP_JNet" = SAP JNet
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"TeamViewer 6 Host" = TeamViewer 6 Host
"Turner Screen Saver 2009" = Turner Screen Saver 2009

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/14/2013 11:14:57 AM | Computer Name = SCALAP0099.tcco.org | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 5/14/2013 12:08:00 PM | Computer Name = SCALAP0099.tcco.org | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 14.0.6024.1000, time
stamp: 0x4d83e607 Faulting module name: EXCEL.EXE, version: 14.0.6024.1000, time
stamp: 0x4d83e607 Exception code: 0xc0000005 Fault offset: 0x0027ff04 Faulting process
id: 0x1070 Faulting application start time: 0x01ce50baf89d90a5 Faulting application
path: C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE Faulting module path: C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE
Report
Id: 723f5671-bcb0-11e2-8754-446d57cca550

Error - 5/14/2013 12:15:16 PM | Computer Name = SCALAP0099.tcco.org | Source = Application Hang | ID = 1002
Description = The program saplogon.exe version 7200.1.2.1051 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 15b0 Start
Time: 01ce50b9e5ec7f39 Termination Time: 32 Application Path: C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe

Report
Id: 73b351ac-bcb1-11e2-8754-446d57cca550

Error - 5/15/2013 11:20:44 AM | Computer Name = SCALAP0099.tcco.org | Source = WinMgmt | ID = 10
Description =

Error - 5/16/2013 10:17:28 AM | Computer Name = SCALAP0099.tcco.org | Source = WinMgmt | ID = 10
Description =

Error - 5/16/2013 11:02:03 AM | Computer Name = SCALAP0099.tcco.org | Source = WinMgmt | ID = 10
Description =

Error - 5/16/2013 7:25:53 PM | Computer Name = SCALAP0099.tcco.org | Source = WinMgmt | ID = 10
Description =

Error - 5/17/2013 2:25:16 PM | Computer Name = SCALAP0099.tcco.org | Source = WinMgmt | ID = 10
Description =

Error - 5/20/2013 10:40:26 AM | Computer Name = SCALAP0099.tcco.org | Source = WinMgmt | ID = 10
Description =

Error - 5/20/2013 11:06:19 AM | Computer Name = SCALAP0099.tcco.org | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/20/2013 11:21:15 AM | Computer Name = SCALAP0099.tcco.org | Source = DCOM | ID = 10016
Description =

Error - 3/21/2013 11:03:26 AM | Computer Name = SCALAP0099.tcco.org | Source = DCOM | ID = 10016
Description =

Error - 3/21/2013 3:18:26 PM | Computer Name = SCALAP0099.tcco.org | Source = bowser | ID = 8003
Description =

Error - 3/22/2013 11:28:39 AM | Computer Name = SCALAP0099.tcco.org | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain TCCO due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 3/22/2013 11:29:20 AM | Computer Name = SCALAP0099.tcco.org | Source = DCOM | ID = 10016
Description =

Error - 3/22/2013 11:36:52 AM | Computer Name = SCALAP0099.tcco.org | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 3/22/2013 11:36:52 AM | Computer Name = SCALAP0099.tcco.org | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 3/22/2013 11:36:52 AM | Computer Name = SCALAP0099.tcco.org | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 3/22/2013 11:36:52 AM | Computer Name = SCALAP0099.tcco.org | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 3/22/2013 3:01:19 PM | Computer Name = SCALAP0099.tcco.org | Source = DCOM | ID = 10016
Description =


< End of report >