eileenkho

  1. I encountered the same problem as the one encountered by Hobbes419, posted in this forum at http://forums.malwar...=0. I have used OTL to generate the report. From the following log, how do I know whether my computer is clean?

     OTL logfile created on: 2/13/2012 3:39:03 PM - Run 1
     OTL by OldTimer - Version 3.2.31.0 Folder = C:\Downloads
     64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     7.92 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 13.23% Memory free
     25.27 Gb Paging File | 1.91 Gb Available in Paging File | 7.57% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 232.49 Gb Total Space | 28.55 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
     Drive D: | 4.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
     Drive G: | 931.48 Gb Total Space | 269.91 Gb Free Space | 28.98% Space Free | Partition Type: NTFS

     Computer Name: W7-EILEENKHO | User Name: eileen.kho | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/13 15:28:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe PRC - [2012/01/05 16:13:48 | 000,059,904 | ---- | M] (Nenad Hrg (SoftwareOK.com)) -- C:\Downloads\DontSleep\DontSleep.exe PRC - [2011/11/16 02:55:34 | 012,065,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe PRC - [2011/08/23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011/08/17 23:52:05 | 008,090,496 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe PRC - [2011/08/17 23:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011/08/15 13:23:16 | 003,022,624 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Downloads\ProcessMonitor\Procmon.exe PRC - [2010/10/22 02:24:52 | 000,596,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe PRC - [2010/07/20 15:21:34 | 000,129,400 | ---- | M] () -- C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe PRC - [2010/04/28 23:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe PRC - [2009/07/14 09:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2008/11/13 05:25:48 | 001,273,856 | ---- | M] () -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe PRC - [2008/10/07 19:38:58 | 003,348,008 | ---- | M] (Kontiki Inc.) 
-- C:\Program Files (x86)\Kontiki\KService.exe ========== Modules (No Company Name) ========== MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/07/20 15:21:34 | 000,129,400 | ---- | M] () -- C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe MOD - [2008/12/30 02:03:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll MOD - [2007/12/06 05:50:44 | 000,401,408 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\FUM\fumcore.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/08/25 09:07:24 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV:64bit: - [2010/07/22 18:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/03/30 05:00:58 | 002,363,240 | ---- | M] (Wave Systems Corp.) 
[Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV:64bit: - [2010/03/24 16:07:58 | 001,039,776 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV:64bit: - [2010/03/24 16:07:58 | 000,031,136 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV:64bit: - [2010/02/04 09:53:54 | 001,558,016 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/07/14 09:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC) SRV:64bit: - [2009/07/14 09:39:13 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:64bit: - [2009/03/03 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2011/08/17 23:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010/07/29 23:40:30 | 000,018,432 | ---- | M] (Avanade) [Auto | Running] -- C:\Program Files (x86)\Avanade\Mobile Media Reminder\MobileMediaReminderService.exe -- (MobileMediaReminderService) SRV - 
[2010/04/01 08:45:32 | 000,013,600 | ---- | M] (Avanade) [Auto | Stopped] -- C:\Program Files (x86)\Avanade Inc\Avanade Inventory Tool 2.0\InventoryService.exe -- (Avanade Inventory Service) SRV - [2010/03/19 05:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec) SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr) SRV - [2009/07/14 09:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009/07/14 09:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009/07/14 09:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/13 05:25:48 | 001,273,856 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2008/10/07 19:38:58 | 003,348,008 | ---- | M] (Kontiki Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Kontiki\KService.exe -- (KService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/02/04 16:00:20 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm) DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011/02/17 17:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2010/07/22 18:19:24 | 000,515,584 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/07/20 14:49:32 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV:64bit: - [2010/07/20 14:49:28 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV:64bit: - [2010/07/20 14:49:16 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV:64bit: - [2010/07/14 20:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel® DRV:64bit: - [2010/07/10 22:02:58 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2010/06/22 14:07:24 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010/04/06 16:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel® DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150) DRV:64bit: - [2010/04/01 13:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/03/20 08:39:58 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2010/02/27 14:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/04 04:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2009/11/04 09:40:44 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2009/10/10 10:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009/07/23 06:20:23 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009/07/23 06:20:23 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009/07/14 09:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/14 09:52:21 | 
000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 08:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 07:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/07/07 00:19:59 | 000,041,232 | ---- | M] (F5 Networks, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv) DRV:64bit: - [2009/07/07 00:19:56 | 000,018,448 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw) DRV:64bit: - [2009/06/11 04:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel® DRV:64bit: - [2009/06/11 04:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel® DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/10 10:09:52 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009/06/10 10:09:52 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/03/02 19:41:47 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009/02/18 01:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2008/09/19 08:03:00 | 000,315,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid) DRV:64bit: - [2008/06/05 06:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV) DRV:64bit: - [2008/06/04 00:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd) DRV:64bit: - [2008/02/05 01:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2009/09/18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/ IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 36 E5 97 80 35 CA 01 [binary data] IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchtronic.net/?i=61 IE - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 36 E5 97 80 35 CA 01 [binary data] IE - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Butterscotch Web Search" FF - prefs.js..browser.search.selectedEngine: "Butterscotch Web Search" FF - prefs.js..browser.startup.homepage: "http://www.searchtronic.net/?i=61" FF - prefs.js..keyword.URL: "http://searchtronic....=61&tp=ab=" FF - 
prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.4.2.20\nploki.dll (Skyhook Wireless) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webcomponent@globalenglish.com: C:\Program Files (x86)\GlobalEnglish\Firefox\Version3\webcomponent@globalenglish.com [2011/04/17 19:10:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/23 19:40:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/28 22:44:55 | 000,000,000 | ---D | M] [2011/03/23 19:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eileen.kho\AppData\Roaming\mozilla\Extensions [2011/03/23 19:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAM FILES (X86)\BUTTERSCOTCHTOOLBAR\FIREFOX\BUTTERSCOTCH@IGEARED [2011/04/17 19:10:35 | 000,000,000 | ---D | M] (GlobalEnglish Learning Technology (f3.5)) -- C:\PROGRAM FILES (X86)\GLOBALENGLISH\FIREFOX\VERSION3\WEBCOMPONENT@GLOBALENGLISH.COM [2011/03/19 01:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/11/16 02:52:22 | 000,032,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/11/23 23:19:16 | 000,001,463 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\butterscotch_igeared.xml O1 HOSTS File: ([2012/02/11 11:03:57 | 000,002,149 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 10.229.41.249 devesb1 O1 - Hosts: 10.229.41.246 devdbs8 O1 - Hosts: 10.229.41.248 devcrm1v O1 - Hosts: 10.229.41.172 qascrm3v O1 - 
Hosts: 10.229.42.74 qasdbs8 O1 - Hosts: 10.229.61.192 REMQAS2DBS O1 - Hosts: 10.229.41.250 qasesb1 O1 - Hosts: 10.229.61.25 remqas2web O1 - Hosts: 10.229.61.25 remqas2web.jtc.gov.sg O1 - Hosts: 10.229.41.198 remqasweb1 O1 - Hosts: 10.229.41.198 remqasweb O1 - Hosts: 10.229.41.198 remqasweb.jtc.gov.sg O1 - Hosts: 10.229.61.24 remqas2csp O1 - Hosts: 10.229.61.24 remqas2csp.jtc.gov.sg O1 - Hosts: 10.229.41.195 qasweb5 O1 - Hosts: 10.229.41.97 jtctfs1 O1 - Hosts: 127.0.0.1 SiteCoreTraining O1 - Hosts: 203.194.87.42 connect.avanade.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD# O1 - Hosts: 127.0.0.1 SiteCoreTraining2 O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.178.148.51 EIMPUATWEB01 O1 - Hosts: 10.178.148.52 EIMPUATAPP01 O1 - Hosts: 10.178.148.53 EIMPUATDBS01 O1 - Hosts: 10.178.148.14 EMAESXSVRDR04.ema.gov.sg O1 - Hosts: 10.178.148.13 EMAESXSVRDR03.ema.gov.sg O1 - Hosts: 11 more lines... O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (LocationFinder Class) - {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.4.2.20\loki.dll (Skyhook Wireless) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (no name) - {AF3D7884-B142-414E-943D-75D8D54E1FFF} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..\Toolbar\WebBrowser: (no name) - {AF3D7884-B142-414E-943D-75D8D54E1FFF} - No CLSID value found. O3 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\..\Toolbar\WebBrowser: (no name) - {AF3D7884-B142-414E-943D-75D8D54E1FFF} - No CLSID value found. O3 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4:64bit: - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Avanade Mobile Media Reminder] C:\Program Files (x86)\Avanade\Mobile Media Reminder\AvanadeMobileMediaReminderClient.exe (Avanade) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.) 
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716..\Run: [DontSleep] C:\Downloads\DontSleep\DontSleep.exe (Nenad Hrg (SoftwareOK.com)) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWow64\Macromed\Flash\FlashUtil10b.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Avanade Enterprise Search O7 - HKU\S-1-5-21-1482476501-2139871995-682003330-164716\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = https://go.avanade.c...Sol,Pws,Lms,Ava O7 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Avanade Enterprise Search O7 - HKU\S-1-5-21-4061639142-1263874316-3586741189-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = https://go.avanade.c...Sol,Pws,Lms,Ava O8:64bit: - Extra context menu item: &Download using SharpBITS - 
C:\Users\eileen.kho\Downloads\SharpBITS\SharpBITS\iecontext.htm File not found O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: &Download using SharpBITS - C:\Users\eileen.kho\Downloads\SharpBITS\SharpBITS\iecontext.htm File not found O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab (F5 Networks Certificate Checker) O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} C:\Users\admin\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT AntiViruses Class) O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab (F5 Networks
CacheCleaner) O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab (F5 Networks VPN Manager) O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} C:\Users\admin\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT FireWalls Class) O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://connect.apac...0,2009,626,1841 (F5 Networks Dynamic Application Tunnel Control) O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab (F5 Networks Auto Update) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control) O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} C:\Users\admin\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT ProcessesScanner Class) O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab (F5 Networks Policy Agent Host Class) O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urTermProxy.cab (F5 Networks Static Application Tunnel Control) O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab (F5 Virtual Sandbox Class) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab (F5 Networks SuperHost Class) O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://connect.apac...0,2009,622,1843 (F5 Networks Host Control) O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program 
Files (x86)/F5 VPN/F5_TMP/f5syschk.cab (F5 Networks OS Policy Agent) O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} C:\Users\admin\AppData\Local\Temp\f5tmp\f5opswati.cab (F5 Networks OPSWAT Helper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.178.133.12 10.178.133.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.avanade.org O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2CCEDD0-6671-4DFE-B62D-1A36A2F29B3D}: DhcpNameServer = 203.116.254.150 203.116.1.94 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7C25879-DCBF-436E-84F5-92655209A865}: DhcpNameServer = 10.178.133.12 10.178.133.11 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\windows\SysNative\wvauth.dll (Wave Systems Corp.) O30 - LSA: Authentication Packages - (wvauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/31 17:21:46 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011/08/12 00:03:53 | 000,000,000 | ---D | M] - G:\AutoCAD 2004 -- [ NTFS ] O33 - MountPoints2\{76764489-39f8-11e1-94f7-ac2c2fdd697e}\Shell - "" = AutoRun O33 - MountPoints2\{76764489-39f8-11e1-94f7-ac2c2fdd697e}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{916bd787-f03a-11e0-a48d-1c659d037e57}\Shell - "" = AutoRun O33 - MountPoints2\{916bd787-f03a-11e0-a48d-1c659d037e57}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a4aa4951-2223-11e1-a7a1-b48e98b4e4d3}\Shell - "" = AutoRun O33 - MountPoints2\{a4aa4951-2223-11e1-a7a1-b48e98b4e4d3}\Shell\AutoRun\command - "" = E:\Windows\AutoRun.exe O33 - MountPoints2\{a5fb7ae8-0fee-11e1-a181-1c659d037e57}\Shell - "" = AutoRun O33 - MountPoints2\{a5fb7ae8-0fee-11e1-a181-1c659d037e57}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d1967553-4fcc-11e0-b4ab-463500000031}\Shell - "" = AutoRun O33 - MountPoints2\{d1967553-4fcc-11e0-b4ab-463500000031}\Shell\AutoRun\command - "" = F:\SERVER2GO.EXE O33 - MountPoints2\{f04ffe32-4d77-11e0-aba4-1c659d037e57}\Shell - "" = AutoRun O33 - MountPoints2\{f04ffe32-4d77-11e0-aba4-1c659d037e57}\Shell\AutoRun\command - "" = D:\setup.exe -- [2010/04/04 02:56:06 | 000,132,448 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Windows\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - 
HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/13 12:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/02/13 12:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/02/11 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\AppData\Roaming\Smart Anti-Malware Protection [2012/02/11 11:03:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\SAUPMP [2012/02/11 11:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\d89ac1 [2012/02/10 11:53:35 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\Sample Data File [2012/02/07 18:22:57 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Documents\OneNote Notebooks [2012/02/03 14:01:17 | 000,000,000 | --SD | C] -- C:\Users\eileen.kho\Documents\My Shapes [2012/02/03 10:08:12 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Documents\My Virtual Machines [2012/02/03 10:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Virtual PC [2012/02/02 12:13:01 | 000,000,000 | ---D | C] -- C:\Prod_DB [2012/02/02 11:43:52 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\AppData\Roaming\VMware [2012/02/02 11:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2012/02/02 11:34:41 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\AppData\Local\VMware [2012/02/02 11:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2012/02/02 11:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware [2012/02/01 12:05:11 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Documents\GOMVideoConverter [2012/02/01 12:00:44 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\EMA [2012/02/01 10:41:36 | 000,000,000 | ---D | C] -- 
C:\Users\eileen.kho\AppData\Local\TechSmith [2012/01/30 14:59:51 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\STB Presentation Slides [2012/01/19 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoreAAC [2012/01/19 13:52:28 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\AppData\Roaming\GRETECH [2012/01/19 13:52:28 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Documents\GomPlayer [2012/01/19 13:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player [2012/01/19 13:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH [2012/01/19 09:49:40 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Lync Recordings [2012/01/16 11:22:28 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\Home [2012/01/15 02:36:32 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\html (workspace for create budget paper) [2012/01/15 02:36:15 | 000,000,000 | ---D | C] -- C:\Users\eileen.kho\Desktop\html(homepage) ========== Files - Modified Within 30 Days ========== [2012/02/13 15:31:36 | 000,271,360 | ---- | M] () -- C:\UpToFeb2012.pst [2012/02/13 15:10:03 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/02/13 15:04:00 | 000,000,234 | ---- | M] () -- C:\windows\tasks\Avanade MMR.job [2012/02/13 15:03:56 | 000,000,240 | ---- | M] () -- C:\windows\tasks\Install SCCM Agent.job [2012/02/13 12:39:29 | 000,161,898 | ---- | M] () -- C:\Users\eileen.kho\Desktop\CurrentSettings-2011-12-19.vssettings [2012/02/13 11:36:13 | 001,223,358 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/02/13 11:36:13 | 000,960,840 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/02/13 11:36:13 | 000,253,826 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/02/13 11:34:18 | 000,018,208 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/13 11:34:18 | 000,018,208 | -H-- | M] () -- 
C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/13 11:30:20 | 000,000,463 | ---- | M] () -- C:\windows\SMSCFG.ini [2012/02/13 11:24:15 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/02/13 11:24:13 | 010,747,904 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl [2012/02/13 11:23:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/02/13 11:22:26 | 2086,019,071 | -HS- | M] () -- C:\hiberfil.sys [2012/02/11 11:03:57 | 000,002,149 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/02/07 18:23:03 | 000,001,296 | ---- | M] () -- C:\Users\eileen.kho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012/02/07 10:51:44 | 000,058,124 | ---- | M] () -- C:\Users\eileen.kho\Desktop\15Jan2012.pdf [2012/02/07 10:48:39 | 000,058,432 | ---- | M] () -- C:\Users\eileen.kho\Desktop\31Jan2012 (2).pdf [2012/02/06 17:17:18 | 000,058,051 | ---- | M] () -- C:\Users\eileen.kho\Desktop\31Jan2012.pdf [2012/02/02 11:22:58 | 000,001,024 | ---- | M] () -- C:\.rnd [2012/02/02 11:22:23 | 000,002,440 | ---- | M] () -- C:\Users\Public\Desktop\VMware vSphere Client.lnk [2012/02/02 10:03:22 | 116,606,862 | ---- | M] () -- C:\Users\eileen.kho\Desktop\VMware-viclient.exe [2012/01/31 23:38:21 | 000,000,132 | ---- | M] () -- C:\Users\eileen.kho\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/01/28 22:45:15 | 004,042,111 | ---- | M] () -- C:\Users\eileen.kho\Desktop\Release 1.zip [2012/01/28 22:44:56 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/19 13:51:50 | 000,001,183 | ---- | M] () -- C:\Users\eileen.kho\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2012/01/19 13:51:50 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk [2012/01/16 12:04:42 | 000,023,367 | ---- | M] () -- C:\anisaisya.png [2012/01/16 12:02:53 | 000,025,011 | ---- | M] () 
-- C:\Arunath.png [2012/01/16 11:57:33 | 000,021,549 | ---- | M] () -- C:\JordanWong.png [2012/01/15 02:51:05 | 000,003,141 | ---- | M] () -- C:\EricJohnson.jpg [2012/01/15 02:49:08 | 000,010,049 | ---- | M] () -- C:\TimHorton.jpg [2012/01/15 02:48:00 | 000,014,804 | ---- | M] () -- C:\TracyHutton.jpg ========== Files Created - No Company Name ========== [2012/02/13 14:30:08 | 000,161,898 | ---- | C] () -- C:\Users\eileen.kho\Desktop\CurrentSettings-2011-12-19.vssettings [2012/02/07 18:23:03 | 000,001,296 | ---- | C] () -- C:\Users\eileen.kho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012/02/07 10:51:44 | 000,058,124 | ---- | C] () -- C:\Users\eileen.kho\Desktop\15Jan2012.pdf [2012/02/07 09:31:23 | 000,271,360 | ---- | C] () -- C:\UpToFeb2012.pst [2012/02/06 17:17:18 | 000,058,051 | ---- | C] () -- C:\Users\eileen.kho\Desktop\31Jan2012.pdf [2012/02/03 10:06:08 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Virtual PC.lnk [2012/02/02 11:22:56 | 000,001,024 | ---- | C] () -- C:\.rnd [2012/02/02 11:22:23 | 000,002,440 | ---- | C] () -- C:\Users\Public\Desktop\VMware vSphere Client.lnk [2012/02/02 11:03:48 | 116,606,862 | ---- | C] () -- C:\Users\eileen.kho\Desktop\VMware-viclient.exe [2012/01/28 22:44:56 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/28 22:44:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/01/28 22:44:50 | 004,042,111 | ---- | C] () -- C:\Users\eileen.kho\Desktop\Release 1.zip [2012/01/19 13:51:50 | 000,001,183 | ---- | C] () -- C:\Users\eileen.kho\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2012/01/19 13:51:50 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk [2012/01/16 12:04:42 | 000,023,367 | ---- | C] () -- C:\anisaisya.png [2012/01/16 12:02:53 | 000,025,011 | ---- | C] () -- 
C:\Arunath.png [2012/01/16 11:57:33 | 000,021,549 | ---- | C] () -- C:\JordanWong.png [2012/01/15 02:49:55 | 000,003,141 | ---- | C] () -- C:\EricJohnson.jpg [2012/01/15 02:48:39 | 000,010,049 | ---- | C] () -- C:\TimHorton.jpg [2012/01/15 02:46:11 | 000,014,804 | ---- | C] () -- C:\TracyHutton.jpg [2011/12/01 23:03:09 | 000,000,132 | ---- | C] () -- C:\Users\eileen.kho\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011/12/01 22:56:17 | 000,000,132 | ---- | C] () -- C:\Users\eileen.kho\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011/11/25 01:05:30 | 000,004,764 | ---- | C] () -- C:\windows\SysWow64\CcmFramework.ini [2011/11/25 01:04:54 | 000,000,463 | ---- | C] () -- C:\windows\SMSCFG.ini [2011/08/03 08:14:42 | 000,000,031 | ---- | C] () -- C:\windows\mvPCinfo.ini [2011/03/12 17:00:59 | 000,080,368 | ---- | C] () -- C:\windows\SysWow64\pbadrvdll.dll [2010/12/16 13:39:12 | 000,075,893 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/12/16 13:10:39 | 001,222,324 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2010/12/10 13:37:22 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll [2010/12/10 13:37:21 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin [2010/12/10 13:37:21 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll [2010/12/10 13:37:20 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin [2010/12/10 13:37:19 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin [2009/11/11 03:20:04 | 000,839,680 | ---- | C] () -- C:\windows\SysWow64\DemoLicense.dll [2009/11/11 03:07:44 | 000,917,504 | ---- | C] () -- C:\windows\SysWow64\lmgr10.dll [2009/09/15 04:32:35 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI [2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2009/07/14 08:10:29 | 000,043,131 | 
---- | C] () -- C:\windows\mib.bin [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2009/06/04 09:14:52 | 000,982,220 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin [2009/06/04 09:14:52 | 000,433,024 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin [2009/06/04 09:14:52 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin [2009/06/04 09:14:52 | 000,092,216 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin [2000/07/15 15:00:00 | 000,030,720 | ---- | C] () -- C:\windows\regtlib.exe ========== LOP Check ========== [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Avanade [2011/03/13 04:52:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Broadcom [2011/12/15 07:56:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SecondLife [2011/03/13 04:52:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Wave Systems Corp [2011/12/15 07:56:18 | 000,000,000 | ---D | M] -- C:\Users\Avanade\AppData\Roaming\SecondLife [2011/03/12 17:12:03 | 000,000,000 | ---D | M] -- C:\Users\Avanade\AppData\Roaming\Wave Systems Corp [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\Classic .NET AppPool\AppData\Roaming\Avanade [2011/12/15 07:56:18 | 000,000,000 | ---D | M] -- C:\Users\Classic .NET AppPool\AppData\Roaming\SecondLife [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Avanade [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Avanade [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Avanade [2011/03/13 22:00:07 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Broadcom [2011/12/01 21:02:08 | 000,000,000 | ---D | M] -- 
C:\Users\eileen.kho\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/02/13 15:50:57 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Free Download Manager [2011/03/17 14:07:58 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\InnerWorkings [2012/01/06 11:20:18 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Notepad++ [2011/12/14 22:43:36 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\SecondLife [2011/12/19 12:57:57 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Sitecore [2012/02/11 11:04:07 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Smart Anti-Malware Protection [2011/12/01 10:50:01 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\SumatraPDF [2011/03/24 17:15:38 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Usenet.nl [2011/03/13 22:00:07 | 000,000,000 | ---D | M] -- C:\Users\eileen.kho\AppData\Roaming\Wave Systems Corp [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\Avanade [2011/03/30 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\Broadcom [2011/04/19 11:58:22 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\F5 Networks [2011/04/25 07:56:16 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\InnerWorkings [2011/10/31 13:38:45 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\SecondLife [2011/11/14 16:43:31 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\Sitecore [2011/08/24 12:02:51 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\TeamViewer [2011/03/30 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\khosye\AppData\Roaming\Wave Systems Corp [2010/12/20 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\supernoel\AppData\Roaming\Avanade [2011/12/15 07:56:14 | 000,000,000 | ---D | M] -- C:\Users\supernoel\AppData\Roaming\SecondLife [2012/02/13 15:04:00 | 000,000,234 | ---- | M] () -- 
C:\windows\Tasks\Avanade MMR.job [2012/02/13 15:03:56 | 000,000,240 | ---- | M] () -- C:\windows\Tasks\Install SCCM Agent.job [2011/11/01 09:36:54 | 000,032,576 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

'Extras.Txt' is attached as I am not allowed to post this topic if my message is too long.

Extras.Txt