OTL logfile created on: 6/4/2013 6:56:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pamato\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.16 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 62.60% Memory free
6.33 Gb Paging File | 4.47 Gb Available in Paging File | 70.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 52.40 Gb Free Space | 44.72% Space Free | Partition Type: NTFS
Drive E: | 115.70 Gb Total Space | 113.99 Gb Free Space | 98.52% Space Free | Partition Type: NTFS
Computer Name: ENPUSREML0278 | User Name: pamato | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\pamato\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe ()
PRC - c:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe ()
PRC - C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)
PRC - C:\Windows\System32\Prot_srv.exe (Check Point Software Tech Ltd)
PRC - C:\Windows\System32\pstartSr.exe (Check Point Software Tech Ltd)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\rcgui.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
PRC - C:\ProgramData\FLEXnet\Connect\11\agent.exe (Flexera Software, Inc.)
PRC - C:\Program Files\LANDesk\LDClient\SoftMon.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\issuser.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\LocalSch.EXE (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\collector.exe (LANDesk Software, Ltd.)
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
PRC - C:\Program Files\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Ltd.)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cba\pds.exe (LANDesk Software Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (PDFProFiltSrv) -- C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (IRA) -- C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe ()
SRV - (vpnagent) -- c:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Autodesk Content Service) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (Pointsec) -- C:\Windows\System32\Prot_srv.exe (Check Point Software Tech Ltd)
SRV - (Pointsec_start) -- C:\Windows\System32\pstartSr.exe (Check Point Software Tech Ltd)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Softmon) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe (LANDesk Software, Ltd.)
SRV - (Intel Targeted Multicast) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Ltd.)
SRV - (LANDesk Policy Invoker) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe (LANDesk Software, Ltd.)
SRV - (ISSUSER) -- C:\Program Files\LANDesk\LDClient\issuser.exe (LANDesk Software, Ltd.)
SRV - (Intel Local Scheduler Service) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE (LANDesk Software, Ltd.)
SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
SRV - (CBA8) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Ltd.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Intel PDS) -- C:\Windows\System32\cba\pds.exe (LANDesk Software Ltd.)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\Users\pamato\AppData\Local\Temp\catchme.sys File not found
DRV - (Acceler) -- system32\DRIVERS\Accelern.sys File not found
DRV - (Mandiant_Tools) -- C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys ()
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130604.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130604.003\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (WpsHelper) -- C:\Windows\System32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (e1cexpress) -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (Ser2plx86) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\Windows\System32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (Teefer3) -- C:\Windows\System32\drivers\Teefer3.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\Netwsn00.sys (Intel Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (AX88772) -- C:\Windows\System32\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (O2MDRRDR) -- C:\Windows\System32\drivers\O2MDRw7.sys (O2Micro )
DRV - (NETwNx32) -- C:\Windows\System32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (prot_2k) -- C:\Windows\System32\drivers\prot_2k.sys (Check Point Software Tech Ltd)
DRV - (NewMisc) -- C:\Windows\System32\drivers\newmisc.sys (Panasonic Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (ldblank) -- C:\Windows\System32\drivers\ldblank.sys (Avocent Corporation)
DRV - (mirrorflt) -- C:\Windows\System32\drivers\mirrorflt.sys (Avocent Corporation)
DRV - (ldmirror) -- C:\Windows\System32\drivers\ldmirror.sys (Avocent Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HOTKEY) -- C:\Windows\System32\drivers\hotkey.sys (Panasonic Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (avpnnic) -- C:\Windows\System32\drivers\avpnnic.sys (AT&T)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 82 64 33 D4 8C CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 169.254.1.1;*.ascopower.*;*.ascoswitch.com;*.enps.com;*.liebert.com;*.emrsn.org;*.learninglogin.com;155.104.*;10.*;192.168.*;*.emerson.*;*.msftncsi.com;*.careermap.net;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = enpusfpkinf01:8080
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/24 08:17:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/03/20 15:19:51 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files\Nuance\PDF Professional 7\bin\nppdf.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Docs = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Logitech SetPoint = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Lavasoft NewTab = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.8_0\
CHR - Extension: Ad-Aware Security Add-on = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\phegaokedjdajgnfphbnpkcfdgjbidko\1.0.0.6_0\
CHR - Extension: Gmail = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/05/31 17:37:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Check Point Endpoint Tray Application] C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] c:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [Nuance PDF Converter Professional 7-reminder] C:\Program Files\Nuance\PDF Professional 7\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Widcomm] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DefaultLogonDomain = EMRSN
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Open with PDF Professional 7 - C:\Program Files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.48.146.16 10.48.146.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emrsn.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE19E7CD-0036-42B8-947B-2A33D51CC9B3}: DhcpNameServer = 10.48.146.16 10.48.146.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F39B21CE-17BD-4563-BC8F-26C93DDA032C}: Domain = emrsn.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F39B21CE-17BD-4563-BC8F-26C93DDA032C}: NameServer = 10.16.64.11,10.20.64.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (pssogina.dll) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/04 17:40:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pamato\Desktop\OTL.exe
[2013/06/04 08:23:51 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\Malwarebytes Anti-Malware Pro v1.75.0.1300 Incl Keygen-BRD [TorDigger]
[2013/06/02 16:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/02 16:13:15 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\mbar
[2013/05/31 18:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/31 17:37:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/31 17:29:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/31 17:18:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/05/31 16:41:09 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\LAX 5-31-13
[2013/05/31 16:39:37 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\Centinela Pics
[2013/05/31 15:32:50 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\Vanguard
[2013/05/31 13:50:56 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\pamato\Desktop\tdsskiller.exe
[2013/05/31 13:48:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/05/31 11:54:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/31 11:54:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/31 11:54:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/31 11:52:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/31 11:52:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/31 10:24:39 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\600 Wilshire
[2013/05/31 10:22:00 | 005,076,038 | R--- | C] (Swearware) -- C:\Users\pamato\Desktop\ComboFix.exe
[2013/05/31 09:02:24 | 000,000,000 | ---D | C] -- C:\found.001
[2013/05/31 08:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/31 08:21:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/31 08:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/31 07:55:26 | 000,000,000 | ---D | C] -- C:\found.000
[2013/05/30 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Local\adawarebp
[2013/05/30 17:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/05/30 17:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/05/30 16:46:56 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Roaming\Malwarebytes
[2013/05/30 16:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/30 16:46:31 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Local\Programs
[2013/05/30 16:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/05/30 16:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/05/30 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2013/05/30 14:13:04 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Roaming\wabEventSupport16
[2013/05/30 13:59:41 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013/05/29 06:37:50 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\May 2013
[2013/05/25 01:46:17 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\car
[2013/05/23 20:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/22 21:06:03 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\IS628
[2013/05/21 23:03:00 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Local\Widcomm
[2013/05/06 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Corporation
[2011/12/28 11:34:53 | 054,579,096 | ---- | C] (Dell Inc.) -- C:\Users\pamato\AppData\Roaming\NIC_DRVR_WIN_R292653.EXE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/04 18:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/04 18:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/04 17:40:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pamato\Desktop\OTL.exe
[2013/06/04 11:55:40 | 000,663,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/04 11:55:40 | 000,122,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/04 11:20:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013/06/04 08:25:08 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 18:20:43 | 000,036,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 18:20:43 | 000,036,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 18:13:06 | 2548,711,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/31 17:37:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/31 17:02:56 | 000,108,786 | ---- | M] () -- C:\Users\pamato\Desktop\754578-051_C.pdf
[2013/05/31 14:42:32 | 000,066,816 | ---- | M] () -- C:\Users\pamato\Desktop\VA livermore invoice.pdf
[2013/05/31 13:51:06 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\pamato\Desktop\tdsskiller.exe
[2013/05/31 10:22:03 | 005,076,038 | R--- | M] (Swearware) -- C:\Users\pamato\Desktop\ComboFix.exe
[2013/05/31 09:10:24 | 000,632,031 | ---- | M] () -- C:\Users\pamato\Desktop\adwcleaner.exe
[2013/05/30 17:49:43 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/05/30 17:49:43 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/05/30 17:17:18 | 000,030,464 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/05/28 10:37:19 | 001,069,415 | ---- | M] () -- C:\Users\pamato\Desktop\617421-036_-.pdf
[2013/05/24 08:17:45 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
[2013/05/23 17:47:39 | 000,047,402 | RHS- | M] () -- C:\Users\pamato\ntuser.pol
[2013/05/23 17:45:13 | 000,000,198 | ---- | M] () -- C:\adinfo.ldf
[2013/05/23 17:44:59 | 000,038,178 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/05/16 18:50:50 | 000,008,192 | ---- | M] () -- C:\Users\pamato\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/15 15:37:30 | 000,004,096 | -H-- | M] () -- C:\Users\pamato\AppData\Local\keyfile3.drm
[2013/05/14 22:00:51 | 000,487,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/04 11:20:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013/05/31 17:02:58 | 000,108,786 | ---- | C] () -- C:\Users\pamato\Desktop\754578-051_C.pdf
[2013/05/31 14:42:31 | 000,066,816 | ---- | C] () -- C:\Users\pamato\Desktop\VA livermore invoice.pdf
[2013/05/31 11:54:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/31 11:54:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/31 11:54:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/31 11:54:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/31 11:54:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/31 09:10:19 | 000,632,031 | ---- | C] () -- C:\Users\pamato\Desktop\adwcleaner.exe
[2013/05/31 08:21:56 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/30 17:17:18 | 000,030,464 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/05/28 10:37:09 | 001,069,415 | ---- | C] () -- C:\Users\pamato\Desktop\617421-036_-.pdf
[2013/05/24 08:17:45 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
[2013/05/15 15:37:30 | 000,004,096 | -H-- | C] () -- C:\Users\pamato\AppData\Local\keyfile3.drm
[2013/04/04 04:33:39 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2013/04/04 04:33:37 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2013/04/04 04:33:37 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013/04/04 04:33:37 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/04/04 04:33:37 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013/02/13 22:25:17 | 000,000,702 | ---- | C] () -- C:\Users\pamato\.jscreenfix.licence
[2012/10/23 22:36:58 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2012/06/27 11:51:10 | 000,008,192 | ---- | C] () -- C:\Users\pamato\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 08:04:44 | 000,010,009 | ---- | C] () -- C:\Windows\agnslang.ini
[2011/11/30 00:12:43 | 000,233,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/11/17 07:43:45 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ldcred.dll
[2011/11/16 01:14:12 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011/10/21 19:02:47 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/10/21 07:24:20 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2011/10/17 11:11:13 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/10/17 11:11:12 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011/10/17 11:11:11 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/10/17 11:11:11 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/10/17 10:47:22 | 000,000,017 | -H-- | C] () -- C:\Users\pamato\AppData\Local\resmon.resmoncfg
[2011/10/17 06:44:27 | 000,047,402 | RHS- | C] () -- C:\Users\pamato\ntuser.pol
[2011/10/13 07:06:35 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/09 09:09:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/09 08:59:24 | 000,038,178 | RHS- | C] () -- C:\ProgramData\ntuser.pol
========== ZeroAccess Check ==========
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\SHELL32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/03/31 21:37:38 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\Audacity
[2011/10/27 15:34:52 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\Autodesk
[2012/10/22 20:16:51 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\foobar2000
[2012/03/02 13:58:07 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\IrfanView
[2013/03/20 15:20:48 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\Leadertech
[2012/05/14 13:09:29 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\Nuance
[2011/12/04 13:27:31 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\OverDrive
[2012/04/02 08:19:52 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\TeamViewer
[2013/05/30 14:13:04 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\wabEventSupport16
[2011/10/19 22:14:13 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\www.shadowexplorer.com
[2012/05/09 14:35:45 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\Zeon
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:0574215C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP
95ACC7D
< End of report >