Do you want to open or save this file ?


  1. Posts : 5
    windows 7 32bit
       #1


    Hi,

    I get download prompts "Do you want to open or save this file?" like the one shown in the attachment with this post.
    I did not try to download this, but I still get this prompt again and again, and it is annoying.
    I searched on the net and read about setting the path to temporary internet files in 'Internet Options', but this didn't work for me.
    Is this a kind of virus or malicious software?
    Please help me stop this message.

    Thanks a lot
    Attached Thumbnails: Do you want to open or save this file ?-ms.png


  2. Posts : 1,781
    Windows 7 Professional SP1 32-bit
       #2

    Does this always happen with files that have the ending .png? Your browser should be displaying them as images within the webpage. When did this first start?


  3. Posts : 2,663
    Windows 8.1 Pro x64
       #3

    Hello new99661 and welcome to the forums

    I am currently halfway through a malware removal degree so I will be unable to help you with your problem if it is malware. Can you do the following for us please?

    Download DDS by sUBs to your desktop.
    Your antivirus software might question the file. If it does, turn it off please :)

    • Double click DDS.scr to run it and wait for the scan to finish
    • When finished DDS.txt will open
    • A small while later, a prompt will open. Answer Yes
    • DDS will continue scanning
    • When done, Attach.txt will open
    • Post DDS.txt and attach Attach.txt



    This will give us a little more information about your problem :)

    Tom


  4. Posts : 5
    windows 7 32bit
    Thread Starter
       #4

    Corazon said:
    Does this always happen with files that have the ending .png? Your browser should be displaying them as images within the webpage. When did this first start?

    It started to happen a couple of months ago.


  5. Posts : 5
    windows 7 32bit
    Thread Starter
       #5

    Hi tom982,

    Download DDS by sUBs to your desktop.
    I turned off my antivirus, but Windows security is still not allowing me to run this software.
    Attached Thumbnails: Do you want to open or save this file ?-security.png


  6. Posts : 2,663
    Windows 8.1 Pro x64
       #6

    Hmm, that's odd. Let's give OTL a go then:

    OTL

    Download OTL to your desktop.
    Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    When the window appears, underneath Output at the top change it to Minimal Output.
    Under the Standard Registry box change it to All.
    Check the boxes beside LOP Check and Purity Check.
    Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


  7. Posts : 5
    windows 7 32bit
    Thread Starter
       #7

    otl.txt

    OTL logfile created on: 10/26/2011 12:27:08 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\otl
    Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: mycountry | Language: ENU | Date Format: M/d/yyyy

    895.30 Mb Total Physical Memory | 239.88 Mb Available Physical Memory | 26.79% Memory free
    1.87 Gb Paging File | 1.19 Gb Available in Paging File | 63.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 5.84 Gb Free Space | 5.23% Space Free | Partition Type: NTFS
    Drive E: | 7.53 Gb Total Space | 3.14 Gb Free Space | 41.72% Space Free | Partition Type: FAT32

    Computer Name: MySystemName | User Name: UserName | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\otl\OTL.exe (OldTimer Tools)
    PRC - C:\Users\UserName\AppData\Roaming\Adobe\pdfclient.exe (Adobe® Systems Incorporated)
    PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - c:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    PRC - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    PRC - c:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
    PRC - c:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
    PRC - c:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\System32\kdmquwer.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (ONETWO) -- File not found
    SRV - (svajnag) -- C:\Windows\System32\drivers\svajnager.exe (Cronosoft)
    SRV - (hvdrcuwh) -- C:\Windows\System32\kdmquwer.dll ()
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (vpnagent) -- c:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (SNAC) -- c:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
    SRV - (SmcService) -- c:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
    SRV - (Symantec AntiVirus) -- c:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
    SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
    SRV - (CcmExec) -- C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
    SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110901.024\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110901.024\NAVENG.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
    DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
    DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
    DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
    DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
    DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
    DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
    DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
    DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
    DRV - (prepdrvr) -- C:\Windows\System32\CCM\PrepDrv.sys (Microsoft Corporation)
    DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com.../fix_homepage/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com.../fix_homepage/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com.../fix_homepage/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/s...onse/index.jsp

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/s...onse/index.jsp
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy/proxy.pac

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.5.0.12
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.19
    FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
    FF - prefs.js..network.proxy.autoconfig_url: "http://proxy/proxy.pac"
    FF - prefs.js..network.proxy.backup.ftp: "bngproxy"
    FF - prefs.js..network.proxy.backup.ftp_port: 74
    FF - prefs.js..network.proxy.backup.gopher: "ausproxy"
    FF - prefs.js..network.proxy.backup.gopher_port: 74
    FF - prefs.js..network.proxy.backup.socks: "bngproxy"
    FF - prefs.js..network.proxy.backup.socks_port: 74
    FF - prefs.js..network.proxy.backup.ssl: "bngproxy"
    FF - prefs.js..network.proxy.backup.ssl_port: 74
    FF - prefs.js..network.proxy.ftp: "bngproxy"
    FF - prefs.js..network.proxy.ftp_port: 74
    FF - prefs.js..network.proxy.gopher: "bngproxy"
    FF - prefs.js..network.proxy.gopher_port: 74
    FF - prefs.js..network.proxy.http: "bngproxy"
    FF - prefs.js..network.proxy.http_port: 74
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "bngproxy"
    FF - prefs.js..network.proxy.socks_port: 74
    FF - prefs.js..network.proxy.ssl: "bngproxy"
    FF - prefs.js..network.proxy.ssl_port: 74
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\UserName\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\UserName\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\UserName\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\UserName\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/02 23:17:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/24 22:21:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 23:35:42 | 000,000,000 | ---D | M]

    [2010/05/11 17:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Extensions
    [2010/05/11 17:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2011/10/16 14:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\ym5hn3fu.default\extensions
    [2010/10/02 10:12:35 | 000,000,000 | ---D | M] (Picnik) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\ym5hn3fu.default\extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75}
    [2011/09/25 14:05:29 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\ym5hn3fu.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
    [2011/07/16 15:54:04 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\ym5hn3fu.default\extensions\engine@conduit.com
    [2011/09/25 14:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\ym5hn3fu.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
    [2011/09/25 14:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\ym5hn3fu.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
    [2011/09/24 12:14:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/24 22:21:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2011/02/06 19:35:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/12 15:10:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/10/24 22:21:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2010/06/02 23:17:39 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
    [2010/06/02 23:18:10 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
    [2010/06/02 23:17:28 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
    [2011/10/24 22:21:03 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2011/10/24 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/10/24 22:21:03 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2011/10/24 22:21:03 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2011/10/24 22:21:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2011/10/24 22:21:03 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    ========== Chrome ==========


    Hosts file not found
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {B8631B48-2603-4CC5-D9A3-22326B93CAD1} - C:\Windows\System32\kdmquwer.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
    O4 - HKLM..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" File not found
    O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe File not found
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File not found
    O4 - HKLM..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe File not found
    O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File not found
    O4 - HKLM..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe File not found
    O4 - HKLM..\Run: [Yahoo Messenger] File not found
    O4 - HKCU..\Run: [Adobe® PDF Plug-in Update Tool] C:\Users\UserName\AppData\Roaming\Adobe\pdfclient.exe (Adobe® Systems Incorporated)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" File not found
    O4 - HKCU..\Run: [Google Update] "C:\Users\UserName\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: SXC = C:\Windows\Sxc\svchost.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKLM\..Trusted Domains: mydomain.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([cpg] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([cpgportal] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([cpgproject] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([gcsfm] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([gisportal] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([hcldms] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([mss] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([mssportal] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([project] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([sapcitrix] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mydomain.com ([wrms] https in Local intranet)
    O15 - HKLM\..Trusted Domains: mydomain.com ([wrms] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: asiaespec ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: ausb3rmwp01 ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: aus-v-cmp ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: aus-v-cmp ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: cdw ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: cdw.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: citrixwebqa ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: conrad.de ([www1.business] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: corporateexpress.de ([connect] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: cpg ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: cpgportal ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: cpgproject ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: csgpweb2 ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: gisportal ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: hagemeyerce.com ([down] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: hcldms ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: hoffmann-gmbh.de ([de] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: insight.ca ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: insight.ca ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: insight.com ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: insight.com ([uk] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: insight.com ([uk] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: insight.com ([www.corp] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: insight.com ([www.marketplace.corp] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: kroschke.com ([shop] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: metafore.ca ([e-buy] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mrose24.de ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mss ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mssportal ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mutiaranet ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: myie6 ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: myithelp ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: myprojects ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: myprojectteams ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: myqs ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: myteams ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: myteamsdrs ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: myteamssgp ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mywork ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: pngqssts ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: printmedia.de ([vubt001] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: project ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: qualitycenter ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: rs-components.com ([order] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: sapcitrix ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: schweitzer-online.de ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: shi.com ([roundtrip] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: spngmes01 ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: spngweb5 ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: ssgpopt13 ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: storesonline ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: swagelok.com ([b2b-de] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: thgeyer.de ([www] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: vwr.com ([de] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([cpg] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([cpgportal] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([cpgproject] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([gcsfm] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([gisportal] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([hcldms] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([mss] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([mssportal] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([myemail] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([MyHR] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([myprojects] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([myprojectteams] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([myteams] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([mywork] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([project] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([sapcitrix] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mydomain.com ([wrms] https in Local intranet)
    O15 - HKCU\..Trusted Domains: mydomain.com ([wrms] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: asiaespec ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ausb3rmwp01 ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aus-v-cmp ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aus-v-cmp ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: cdw ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: cdw.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: citrixwebqa ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: conrad.de ([www1.business] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: corporateexpress.de ([connect] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: cpg ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: cpgportal ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: cpgproject ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: csgpweb2 ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gisportal ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: hagemeyerce.com ([down] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: hcldms ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: hoffmann-gmbh.de ([de] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: insight.ca ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: insight.ca ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: insight.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: insight.com ([uk] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: insight.com ([uk] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: insight.com ([www.corp] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: insight.com ([www.marketplace.corp] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: kroschke.com ([shop] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: metafore.ca ([e-buy] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mrose24.de ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mss ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mssportal ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mutiaranet ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: MyHR ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: myie6 ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: myithelp ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: myprojects ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: myprojectteams ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: myqs ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: myteams ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: myteamsdrs ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: myteamssgp ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mywork ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: pngqssts ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: printmedia.de ([vubt001] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: project ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: qualitycenter ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: rs-components.com ([order] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: sapcitrix ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: schweitzer-online.de ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: shi.com ([roundtrip] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: spngmes01 ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: spngweb5 ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ssgpopt13 ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: storesonline ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swagelok.com ([b2b-de] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: thgeyer.de ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: vwr.com ([de] http in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mydomain.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27AF38D6-A523-483B-A856-1DF85D6888CA}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (svdhalp.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) -C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{117afa50-06d5-11e0-9cfd-00059a3c7800}\Shell - "" = AutoRun
    O33 - MountPoints2\{117afa50-06d5-11e0-9cfd-00059a3c7800}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{14dbb83f-07a1-11e0-b99e-c1205c4e4be6}\Shell - "" = AutoRun
    O33 - MountPoints2\{14dbb83f-07a1-11e0-b99e-c1205c4e4be6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{14dbb85d-07a1-11e0-b99e-c1205c4e4be6}\Shell - "" = AutoRun
    O33 - MountPoints2\{14dbb85d-07a1-11e0-b99e-c1205c4e4be6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{14dbb9c8-07a1-11e0-b99e-c1205c4e4be6}\Shell - "" = AutoRun
    O33 - MountPoints2\{14dbb9c8-07a1-11e0-b99e-c1205c4e4be6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{85bdfbdc-0508-11e0-b513-001a6b8777bd}\Shell - "" = AutoRun
    O33 - MountPoints2\{85bdfbdc-0508-11e0-b513-001a6b8777bd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{85bdfbe0-0508-11e0-b513-001a6b8777bd}\Shell - "" = AutoRun
    O33 - MountPoints2\{85bdfbe0-0508-11e0-b513-001a6b8777bd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{aa2b4246-0798-11e0-a5c2-fbcfb439f3cd}\Shell - "" = AutoRun
    O33 - MountPoints2\{aa2b4246-0798-11e0-a5c2-fbcfb439f3cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{aa2b42bb-0798-11e0-a5c2-a5ff187664c5}\Shell - "" = AutoRun
    O33 - MountPoints2\{aa2b42bb-0798-11e0-a5c2-a5ff187664c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/26 12:20:59 | 000,000,000 | ---D | C] -- C:\otl
    [2011/10/26 10:43:07 | 000,000,000 | -HSD | C] -- C:\Windows\Sxc
    [2011/10/24 09:46:29 | 000,199,168 | ---- | C] (Cronosoft) -- C:\Windows\System32\drivers\svajnager.exe
    [2011/10/22 11:34:51 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\New folder
    [2011/09/29 20:41:39 | 000,000,000 | ---D | C] -- C:\shimoga
    [2011/01/22 18:46:48 | 000,099,840 | ---- | C] ( ) -- C:\Windows\System32\Zipdll.dll
    [2011/01/22 18:46:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\Unzdll.dll
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/26 12:24:05 | 000,619,986 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/10/26 12:24:05 | 000,105,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/10/26 12:18:44 | 000,000,390 | ---- | M] () -- C:\Windows\SMSCFG.ini
    [2011/10/26 12:17:47 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\At16.job
    [2011/10/26 12:16:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/26 12:15:07 | 704,094,208 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/26 12:13:34 | 000,012,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/26 12:13:34 | 000,012,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/26 12:10:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-249263827-1212357926-315576832-159881UA.job
    [2011/10/24 23:10:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-249263827-1212357926-315576832-159881Core.job
    [2011/10/24 22:42:05 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\At5.job
    [2011/10/24 22:42:03 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\At15.job
    [2011/10/24 22:42:03 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\At10.job
    [2011/10/24 22:30:20 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\At7.job
    [2011/10/24 22:30:04 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\At2.job
    [2011/10/24 22:30:04 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\At12.job
    [2011/10/24 22:30:03 | 000,000,000 | -HS- | M] () -- C:\Windows\citect32.exe
    [2011/10/24 09:46:30 | 000,199,168 | ---- | M] (Cronosoft) -- C:\Windows\System32\drivers\svajnager.exe
    [2011/10/24 09:46:30 | 000,000,017 | ---- | M] () -- C:\Windows\keys.ini
    [2011/10/23 12:00:27 | 223,071,453 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/10/21 10:55:42 | 000,000,001 | ---- | M] () -- C:\ProgramData\Sxw2hhnV.exe_.b
    [2011/10/21 10:55:42 | 000,000,001 | ---- | M] () -- C:\ProgramData\Sxw2hhnV.exe.b
    [2011/10/21 10:11:47 | 000,000,112 | ---- | M] () -- C:\ProgramData\7FI4Parbi.dat
    [2011/10/15 12:43:35 | 000,001,996 | -H-- | M] () -- C:\Users\UserName\Documents\Default.rdp
    [2011/10/10 09:39:17 | 000,000,000 | ---- | M] () -- C:\t1bo.1
    [2011/10/01 15:42:19 | 000,001,053 | ---- | M] () -- C:\Users\UserName\Desktop\RSA SecurID Token.lnk
    [2011/10/01 15:41:57 | 000,002,617 | ---- | M] () -- C:\Users\UserName\Desktop\VPN Client.lnk
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/10/24 09:46:30 | 000,000,017 | ---- | C] () -- C:\Windows\keys.ini
    [2011/10/21 10:55:42 | 000,000,001 | ---- | C] () -- C:\ProgramData\Sxw2hhnV.exe_.b
    [2011/10/21 10:55:42 | 000,000,001 | ---- | C] () -- C:\ProgramData\Sxw2hhnV.exe.b
    [2011/10/21 10:03:06 | 000,000,112 | ---- | C] () -- C:\ProgramData\7FI4Parbi.dat
    [2011/10/10 09:39:17 | 000,000,000 | ---- | C] () -- C:\t1bo.1
    [2011/10/01 15:42:19 | 000,001,053 | ---- | C] () -- C:\Users\UserName\Desktop\RSA SecurID Token.lnk
    [2011/10/01 15:41:57 | 000,002,617 | ---- | C] () -- C:\Users\UserName\Desktop\VPN Client.lnk
    [2011/09/02 13:52:55 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011/08/06 19:42:02 | 000,810,496 | ---- | C] () -- C:\Windows\System32\kdmquwer.dll
    [2011/07/24 22:30:01 | 000,000,000 | -HS- | C] () -- C:\Windows\citect32.exe
    [2011/07/22 22:34:25 | 000,000,000 | -HS- | C] () -- C:\Windows\clntsvc.exe
    [2011/07/21 22:42:58 | 000,000,017 | ---- | C] () -- C:\Windows\syskey2i.drv
    [2011/07/21 22:38:40 | 000,000,000 | -HS- | C] () -- C:\Windows\bbi8024.exe
    [2011/07/21 22:26:02 | 000,000,000 | -HS- | C] () -- C:\Windows\bdl14108.exe
    [2011/01/22 18:46:48 | 000,230,912 | ---- | C] () -- C:\Windows\System32\Zipit.dll
    [2011/01/22 18:46:47 | 000,314,880 | ---- | C] () -- C:\Windows\System32\Tx32.dll
    [2010/11/04 00:14:05 | 000,000,006 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\start
    [2010/11/04 00:13:25 | 000,000,006 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\completescan
    [2010/11/04 00:07:01 | 000,000,010 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\install
    [2010/10/19 00:04:39 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/07/04 12:30:23 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
    [2010/05/11 17:17:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/05/10 16:36:47 | 000,000,018 | ---- | C] () -- C:\Windows\Winzip32.ini
    [2010/05/10 15:57:44 | 000,000,390 | ---- | C] () -- C:\Windows\SMSCFG.ini
    [2010/05/10 15:34:01 | 000,017,730 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/12/15 13:38:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/12/15 13:32:17 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
    [2009/12/02 19:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
    [2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
    [2009/08/04 02:37:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/04 02:37:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/14 10:27:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 10:03:53 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 07:35:48 | 000,619,986 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 07:35:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 07:35:48 | 000,105,122 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 07:35:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 07:35:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 07:34:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 05:49:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/14 05:25:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 05:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/14 04:41:12 | 000,365,824 | ---- | C] () -- C:\Windows\System32\exfynxdy.dat
    [2009/07/14 04:41:12 | 000,154,368 | ---- | C] () -- C:\Windows\System32\kiaotjjr.dat
    [2009/07/14 04:41:12 | 000,138,496 | ---- | C] () -- C:\Windows\System32\rlygcujx.dat
    [2009/07/14 04:41:12 | 000,111,360 | ---- | C] () -- C:\Windows\System32\ebdobgat.dat
    [2009/07/14 04:41:12 | 000,058,112 | ---- | C] () -- C:\Windows\System32\sggskwur.dat
    [2009/07/14 04:41:12 | 000,055,040 | ---- | C] () -- C:\Windows\System32\yyeecfjy.dat
    [2009/07/14 04:41:12 | 000,040,704 | ---- | C] () -- C:\Windows\System32\npxitxcz.dat
    [2009/07/14 04:41:12 | 000,034,048 | ---- | C] () -- C:\Windows\System32\zaicrvbt.dat
    [2009/06/11 02:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2008/12/01 20:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/10/30 14:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2008/06/03 14:32:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008/03/06 12:08:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

    ========== LOP Check ==========

    [2011/01/09 23:13:01 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Catalyst
    [2011/04/12 10:36:31 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Dev-Cpp
    [2010/08/12 22:19:01 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\GrabPro
    [2010/06/07 22:05:43 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Helios
    [2009/12/15 14:43:00 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\ICAClient
    [2010/09/01 20:25:40 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\NCH Swift Sound
    [2010/06/04 19:38:23 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Nokia
    [2011/09/17 10:36:13 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Opera
    [2010/08/12 22:22:53 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\Orbit
    [2010/06/04 19:37:37 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\PC Suite
    [2010/08/12 22:21:07 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\ProgSense
    [2010/12/18 13:25:46 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\TheSage
    [2010/10/12 22:59:56 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\WmiModules
    [2010/12/14 22:40:30 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\ZTEEVDO
    [2010/12/14 22:16:19 | 000,000,000 | ---D | M] -- C:\Users\UserName\AppData\Roaming\ZTEMTUI
    [2011/10/24 22:42:03 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\At10.job
    [2011/10/24 22:30:04 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\At12.job
    [2011/10/24 22:42:03 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\At15.job
    [2011/10/26 12:17:47 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\At16.job
    [2011/10/24 22:30:04 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\At2.job
    [2011/10/24 22:42:05 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\At5.job
    [2011/10/24 22:30:20 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\At7.job
    [2011/10/26 10:32:51 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >


  8. Posts : 5
    windows 7 32bit
    Thread Starter
       #8

    extras.txt

    OTL Extras logfile created on: 10/26/2011 12:27:08 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\otl
    Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: mycountry | Language: ENU | Date Format: M/d/yyyy

    895.30 Mb Total Physical Memory | 239.88 Mb Available Physical Memory | 26.79% Memory free
    1.87 Gb Paging File | 1.19 Gb Available in Paging File | 63.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 5.84 Gb Free Space | 5.23% Space Free | Partition Type: NTFS
    Drive E: | 7.53 Gb Total Space | 3.14 Gb Free Space | 41.72% Space Free | Partition Type: FAT32

    Computer Name: MySystemName | User Name: UserName | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    "PolicyVersion" = 522

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
    "4445:TCP:*:enabled:EnstartPortException" = 4445:TCP:*:enabled:EnstartPortException

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
    "3c1e2616-5dc7-4d45-99c4-0f61c8496868" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Winnt\enstart.exe|Name=Enstart Inbound Rule Allow App|Desc=Enstart is a program used by mydomain security|
    "{9190A726-D6A1-4001-8AE4-18A172516375}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=4445|Name=Enstart Inbound Rule Allow Port|

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "SXC" = C:\Windows\Sxc\svchost.exe:*:Enabled:ArmageddoN


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{14BF164E-80A4-422E-BE43-39FB759666C2}_is1" = Avi to Mpeg 3.2
    "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
    "{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
    "{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
    "{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
    "{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
    "{3E8BE5D1-6223-4147-8A9D-1ADEAEA3DA04}" = Symantec Enterprise Vault Outlook Add-In
    "{4800D75D-4697-4D6B-9B3B-0BF36245B95C}" = RSA SecurID Token for Windows Desktops
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A39A27F-005B-407E-8CF5-F4D8065658E4}" = SMS Advanced Client
    "{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
    "{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}" = Microsoft Office Live Meeting 2007
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}" = Nero 8
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
    "{9FEAC0B9-289F-4BB8-A5FA-7A5D20D794C7}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
    "{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.2-alpha-2
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
    "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
    "{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
    "{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
    "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
    "{F20D402D-BBE3-C212-9B9E-07ECAFB4D3C0}" = ATI Catalyst Install Manager
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F8DBB765-ADDA-47F9-9ED4-D4FAF98D0257}" = ViewMail for Outlook 5.0(1)
    "{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
    "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "7-Zip" = 7-Zip 9.20
    "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "DFX for Windows Media Player" = DFX for Windows Media Player
    "FLV Player2.0.25" = FLV Player
    "GPL Ghostscript 8.71" = GPL Ghostscript 8.71
    "ICEOWS" = Iceows V4.20b
    "Java Code Export (Beta)_is1" = Java Code Export 1.0 (Beta)
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "Nokia PC Suite" = Nokia PC Suite
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RealPlayer 12.0" = RealPlayer
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TheSage" = TheSage
    "VLC media player" = VLC media player 1.0.3
    "WinRAR archiver" = WinRAR archiver
    "ZTEWireless-101_is1" = MBlaze UI

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/19/2011 7:35:17 AM | Computer Name = MySystemName | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 9/19/2011 8:35:35 AM | Computer Name = MySystemName | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 9/19/2011 11:35:17 AM | Computer Name = MySystemName | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 9/19/2011 12:35:36 PM | Computer Name = MySystemName | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 9/21/2011 11:23:37 AM | Computer Name = MySystemName | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/21/2011 11:27:28 AM | Computer Name = MySystemName | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: kdmquwer.dll, version: 0.0.0.0, time
    stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0003603c Faulting process
    id: 0x1228 Faulting application start time: 0x01cc7872c9a5a24f Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: c:\windows\system32\kdmquwer.dll
    Report
    Id: 3650c825-e466-11e0-979a-001a6b8777bd

    Error - 9/21/2011 11:30:00 AM | Computer Name = MySystemName | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: kdmquwer.dll, version: 0.0.0.0, time
    stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0003603e Faulting process
    id: 0xc48 Faulting application start time: 0x01cc7872d1bfe02b Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: c:\windows\system32\kdmquwer.dll
    Report
    Id: 913d9673-e466-11e0-979a-001a6b8777bd

    Error - 9/21/2011 11:34:42 AM | Computer Name = MySystemName | Source = Software Protection Platform Service | ID = 16385
    Description = Failed to schedule Software Protection service for re-start at 2011-09-28T15:24:41Z.
    Error Code: 0x80041321.

    Error - 9/21/2011 11:39:50 AM | Computer Name = MySystemName | Source = Software Protection Platform Service | ID = 16385
    Description = Failed to schedule Software Protection service for re-start at 2011-09-28T15:34:50Z.
    Error Code: 0x80041321.

    Error - 9/21/2011 12:01:53 PM | Computer Name = MySystemName | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Cisco AnyConnect VPN Client Events ]
    Error - 1/12/2011 9:42:55 AM | Computer Name = MySystemName | Source = vpnagent | ID = 67108866
    Description = Function: CVpnMgr::doCrashRecovery File: .\VpnMgr.cpp Line: 633 Invoked
    Function: CRouteMgr Return Code: -33161206 (0xFE06000A) Description: ROUTEMGR_ERROR_RTM_REGISTRATION_FAILED


    Error - 1/12/2011 9:42:55 AM | Computer Name = MySystemName | Source = vpnagent | ID = 67108866
    Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 300 Invoked Function:
    CVpnMgr::doCrashRecovery Return Code: -33161206 (0xFE06000A) Description: ROUTEMGR_ERROR_RTM_REGISTRATION_FAILED


    Error - 2/25/2011 11:34:55 PM | Computer Name = MySystemName | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::startChangeNotification File: .\RouteMgr.cpp Line:
    1198 Invoked Function: NotifyRouteChange2 Return Code: 1753 (0x000006D9) Description:
    There are no more endpoints available from the endpoint mapper.

    Error - 2/25/2011 11:34:55 PM | Computer Name = MySystemName | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::CRouteMgr File: .\RouteMgr.cpp Line: 302 Invoked
    Function: CRouteMgr::startChangeNotification Return Code: -33161206 (0xFE06000A)
    Description:
    ROUTEMGR_ERROR_RTM_REGISTRATION_FAILED

    Error - 2/25/2011 11:34:55 PM | Computer Name = MySystemName | Source = vpnagent | ID = 67108866
    Description = Function: CVpnMgr::doCrashRecovery File: .\VpnMgr.cpp Line: 633 Invoked
    Function: CRouteMgr Return Code: -33161206 (0xFE06000A) Description: ROUTEMGR_ERROR_RTM_REGISTRATION_FAILED


    Error - 2/25/2011 11:34:55 PM | Computer Name = MySystemName | Source = vpnagent | ID = 67108866
    Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 300 Invoked Function:
    CVpnMgr::doCrashRecovery Return Code: -33161206 (0xFE06000A) Description: ROUTEMGR_ERROR_RTM_REGISTRATION_FAILED


    Error - 6/18/2011 10:21:57 AM | Computer Name = MySystemName | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::startChangeNotification File: .\RouteMgr.cpp Line:
    1198 Invoked Function: NotifyRouteChange2 Return Code: 1753 (0x000006D9) Description:
    There are no more endpoints available from the endpoint mapper.

    Error - 6/18/2011 10:21:57 AM | Computer Name = MySystemName | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::CRouteMgr File: .\RouteMgr.cpp Line: 302 Invoked
    Function: CRouteMgr::startChangeNotification Return Code: -33161206 (0xFE06000A)
    Description:
    ROUTEMGR_ERROR_RTM_REGISTRATION_FAILED

    Error - 6/18/2011 10:21:57 AM | Computer Name = MySystemName | Source = vpnagent | ID = 67108866
    Description = Function: CVpnMgr::doCrashRecovery File: .\VpnMgr.cpp Line: 633 Invoked
    Function: CRouteMgr Return Code: -33161206 (0xFE06000A) Description: ROUTEMGR_ERROR_RTM_REGISTRATION_FAILED


    Error - 6/18/2011 10:21:57 AM | Computer Name = MySystemName | Source = vpnagent | ID = 67108866
    Description = Function: CVpnMgr::CVpnMgr File: .\VpnMgr.cpp Line: 300 Invoked Function:
    CVpnMgr::doCrashRecovery Return Code: -33161206 (0xFE06000A) Description: ROUTEMGR_ERROR_RTM_REGISTRATION_FAILED


    [ System Events ]
    Error - 10/26/2011 2:47:50 AM | Computer Name = MySystemName | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain mydomain due to the following: %%1311 This may lead to authentication problems.
    Make sure that this computer is connected to the network. If the problem persists,
    please
    contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller
    emulator in the specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    Error - 10/26/2011 2:47:50 AM | Computer Name = MySystemName | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 10/26/2011 2:48:14 AM | Computer Name = MySystemName | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (60000 milliseconds) while waiting for the sv_ajnag
    service to connect.

    Error - 10/26/2011 2:48:14 AM | Computer Name = MySystemName | Source = Service Control Manager | ID = 7000
    Description = The sv_ajnag service failed to start due to the following error: %%1053

    Error - 10/26/2011 2:52:18 AM | Computer Name = MySystemName | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 10/26/2011 2:52:29 AM | Computer Name = MySystemName | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 10/26/2011 2:52:29 AM | Computer Name = MySystemName | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 10/26/2011 2:52:30 AM | Computer Name = MySystemName | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 10/26/2011 2:52:35 AM | Computer Name = MySystemName | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 10/26/2011 2:58:56 AM | Computer Name = MySystemName | Source = Microsoft-Windows-GroupPolicy | ID = 1129
    Description = The processing of Group Policy failed because of lack of network connectivity
    to a domain controller. This may be a transient condition. A success message would
    be generated once the machine gets connected to the domain controller and Group
    Policy has succesfully processed. If you do not see a success message for several
    hours, then contact your administrator.


    < End of report >


  9. Posts : 2,663
    Windows 8.1 Pro x64
       #9

    Hi new99661,

    You have an updated version of Java (Version 6u24), please uninstall it by following this tutorial:

    Uninstall or change a program

    Then replace it with the latest version, found here:

    Verify Java Version

    I have asked for help regarding your OTL log because there are a few things that I am unsure about :) Please be patient and consider the difference in time zones.

    Tom


  10. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #10

    Hi, new99661.

    Tom asked me to look at your log. One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

    I would counsel you to disconnect this PC from the Internet immediately and do a clean install. (Tutorial at Clean Install Windows 7 - Windows 7 Forums)

    For more information, you may wish to read one of these excellent articles:


 
